Our Latest Online Backup Reviews:Vembu SyncBlaze
Industry LinksTools and Graphs
Council caught out after loss of memory stick
London, UK, Feb. 23, 2011 –/BackupReview.info/– Cambridgeshire County Council breached the Data Protection Act by losing a memory stick containing sensitive data relating to vulnerable adults, the Information Commissionerâ€™s Office (ICO) said today.
The ICO was informed by the council in November 2010 that an employee had recently lost an unencrypted memory stick containing personal data relating to a minimum of six individuals. The information included case notes and minutes of meetings relating to the individualsâ€™ support and was saved on an unapproved memory stick. The device was used to store the information after the member of staff encountered problems using an encrypted memory stick that the council had previously provided free of charge.
The breach occurred shortly after the council had undertaken an internal campaign aimed at promoting its encryption policy. During this time employees had been asked to hand in unencrypted devices and were warned about the importance of keeping personal information secure.
Sally Anne-Poole, Enforcement Group Manager at the ICO, said:
â€œWhile Cambridgeshire County Council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff.â€
“We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed.â€
Mark Lloyd, Chief Executive of Cambridgeshire County Council has signed a formal undertaking to ensure that all portable devices used by the council are encrypted using encryption software that meets the current standard. The council has also agreed to carry out regular monitoring of its data protection policies and IT security measures in order to ensure that they are being followed by all staff.
A full copy of the undertaking can be viewed here:
If you need more information, please contact the ICO press office on
Notes to Editors
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our For the media page provides more information for journalists.
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
â€¢ Fairly and lawfully processed
â€¢ Processed for limited purposes
â€¢ Adequate, relevant and not excessive
â€¢ Accurate and up to date
â€¢ Not kept for longer than is necessary
â€¢ Processed in line with your rights
â€¢ Not transferred to other countries without adequate protection
Like us on Facebook
Sponsored Links:Data Deposit Box Asigra Bacula Systems