Sandwell Council has promised to improve data security after an employee lost a memory stick containing unprotected information on families subject to child protection measures.
The Information Commissioner’s Office (ICO) found that the council breached the Data Protection Act because the memory stick was not password protected and contained sensitive personal information relating to four families.
Child protection cases
This included why children had been taken into care or made subject to a child protection plan. The employee downloaded the information to work on the cases at home, but lost the memory stick on the way home.
Sandwell’s chief executive, Alison Fraser, has signed an undertaking to ensure that laptops and other portable devices containing personal data are encrypted using software that meets encryption standards.
She has also promised to make staff aware of its policy on the storage and use of data and ensure this is followed by council employees.
First incident of its kind
A council spokesperson said this was the first recorded incident of its kind at the council, and said there was no evidence that anyone else had found or misused the information on the memory stick.
She said the council had already:-
• Reinforced the council’s existing ban on the use of unencrypted memory sticks for transferring personal or sensitive data.
• Reminded all council employees of best practice in relation to information security.
• Launched a programme of staff and manager briefings to reinforce procedures and best practice.
• Agreed to upgrade security software on the council’s portable IT devices.
In a separate case, Wigan Council signed an undertaking to improve data security after the ICO found that an unencrypted laptop containing personal data on all 43,000 children in the borough’s schools had been stolen.