The Information Commissioner's Office (ICO) has found Manchester City Council in breach of the Data Protection Act (DPA) following the loss of two laptops computers from its Town Hall last October.
The two laptops one of which contained personal details relating to 1,754 employees at local schools were not data encrypted, password-protected or secured to the desks they were stolen from last October.
As a result, the ICO said that Sir Howard Bernstein, Manchester City Council's chief executive, has signed a formal Undertaking to ensure all laptops and other removable devices are encrypted and secured to desks or locked away.
The Undertaking also mandates that the authority ensures only essential personal information is downloaded to mobile devices.
In agreeing to with the seventh data protection principle that personal information is secure Sally-Anne Poole, head of enforcement and investigations at the ICO, added that the council has agreed that it should handle all personal information, including employment details, in compliance with the DPA.
She also stated: "We urge all councils and their executive teams to take responsibility for treating data protection as a corporate governance issue affecting the entire organisation. They have to make sure that safeguarding the personal information of their staff is embedded in their organisational culture."
Poole said Manchester City Council had recognised the seriousness of this data loss and has agreed to take immediate action.
It has also agreed to implement an improved training programme, including regular refresher training for all staff. And the ICO said any failure to meet the terms of the Undertaking is likely to lead to enforcement action.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
