Shropshire Council was today rapped over the knuckles after officials lost a computer memory stick which contained personal information about vulnerable members of the public.
The unencrypted memory stick also contained details about members of the council’s own staff who were working in the sensitive adult social care department.
The stick, which contained a social care management database, including contact details and sensitive health information, was lost during a postal transfer from the council to a contractor in Cardiff.
The Information Commissioner’s Office said the loss breached the Data Protection Act. The authority today said it was “extremely sorry” for the loss of the memory stick but stressed there was no evidence the information on it had been found or misused.
The memory stick contained records which the ICO said were “excessive” for their purpose and out of date.
The ICO said that since the incident the council had worked closely with it to ensure that lessons were learned and has signed a formal undertaking to ensure databases only contain relevant and up-to-date information and that this is only transferred to portable devices such as memory sticks where absolutely necessary.
The undertaking also requires the encryption of portable and mobile devices used to store and transmit personal data.
Mick Gorrill, assistant information commissioner, said: “It is essential that organisations ensure the correct safeguards are in place when storing and transferring personal information, especially when it relates to such sensitive issues.
“Information must be kept be kept safe, secure and up to date. These are important principles of the Data Protection Act.”
Val Beint, Shropshire Council’s director of community services, said this was the first recorded incident of its kind at the authority and it was “extremely sorry” it had happened.
She said the council took security very seriously and had taken immediate steps to ensure that nothing like this happened again.
By Dave Morris
See Also:
3 Comments
Some one is accountable so sack them.
Report abuse
So nice to see that our councils remain enveloped in an air of civility.
Do this in a private company, (a real one, not one of those incestuous private government agencies or contractors), you get sacked.
Do it in the council and you are merely “rapped over the knuckles”, although I suppose that’s one up from the “stern talking-to” or “slapped wrists” that normally occurs.
How nice to be let loose among the public and be able to expose so many vulnerable people to more potential danger and come away from the experience with job, promotion prospects, influence, salary and gold-plated council taxpayer-funded pension intact.
Report abuse
Why don’t the basic rules of data protection seem to apply to government agencies?
Personal information should never be ‘posted’ – it should be encrypted and send via secure data networks…. it’s really not hard and should be the very minimum we should expect from anyone holding our information.
Sadly the data commissioner does not appear to be taking these continued breaches seriously enough.
Lets have the council management home addresses, salaries, family details and bonus details sent unencrypted in the post and see some action then…..
Report abuse