Council caught out after loss of memory stick

London, UK, Feb. 23, 2011 –/– Cambridgeshire County Council breached the Data Protection Act by losing a memory stick containing sensitive data relating to vulnerable adults, the Information Commissioner’s Office (ICO) said today.

The ICO was informed by the council in November 2010 that an employee had recently lost an unencrypted memory stick containing personal data relating to a minimum of six individuals. The information included case notes and minutes of meetings relating to the individuals’ support and was saved on an unapproved memory stick. The device was used to store the information after the member of staff encountered problems using an encrypted memory stick that the council had previously provided free of charge.

The breach occurred shortly after the council had undertaken an internal campaign aimed at promoting its encryption policy. During this time employees had been asked to hand in unencrypted devices and were warned about the importance of keeping personal information secure.

Sally Anne-Poole, Enforcement Group Manager at the ICO, said:

“While Cambridgeshire County Council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff.”

“We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed.”

Mark Lloyd, Chief Executive of Cambridgeshire County Council has signed a formal undertaking to ensure that all portable devices used by the council are encrypted using encryption software that meets the current standard. The council has also agreed to carry out regular monitoring of its data protection policies and IT security measures in order to ensure that they are being followed by all staff.

A full copy of the undertaking can be viewed here:


If you need more information, please contact the ICO press office on
0303 123 9070 or visit the website at:

Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our For the media page provides more information for journalists.

4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

• Fairly and lawfully processed

• Processed for limited purposes

• Adequate, relevant and not excessive

• Accurate and up to date

• Not kept for longer than is necessary

• Processed in line with your rights

• Secure

• Not transferred to other countries without adequate protection

Like us on Facebook

Do you like this post? Subscribe to our RSS feed ===========================


Related posts:

  1. Ealing and Hounslow Councils Fined £150,000 by UK’s ICO for Serious Breaches Under the Data Protection Act
  2. ICO Fines Glasgow City Council £150,000 ($233,000 USD) for the Loss of Two Unencrypted Laptops
  3. ICO Fines Two Councils £180,000 for Serious Data Breaches
  4. ICO Fines Nursing and Midwifery Council £150,000 ($233,000 USD) for Breaching the Data Protection Act
  5. Backup-Technology Online Data Backup Expert Tips: Scottish Council Ahead of Schedule with New Data Protection Policy
  6. Veeam Provides Hastings District Council with Always-On Availablity that Scales to Meet the Council’s High-Growth Capacity of Nearly 75,000 Citizens
  7. Yancey County Saves 400 Man Hours a Year with Connected Data’s Transporter Private Cloud Storage Appliance
  8. Howard County Medical Center Solves Data Dilemma With BridgeHead
  9. Online Data Backup Provider Network Recovery Joins Asigra Partner Advisory Council
  10. California Judicial Council Approves Framework for IT Disaster Recovery Planning