Three local councils have placed children's sensitive data at risk and have been found in breach of the Data Protection Act.
First off, the London Borough of Barnet has been criticised by the Information Commissioner's Office (ICO) for placing more than 9,000 child details at risk.
The ICO found that an unprotected USB stick and CDs containing the sensitive data on children and their family members had been taken from an employee's home.
The council worker downloaded the information onto unencrypted devices without authorisation and no training was given to prevent the employee getting the data.
Even before the incident, the ICO had carried out an audit of the authority that highlighted the need for additional training.
In the second case, a West Sussex County Council employee had an unencrypted laptop stolen, putting at risk sensitive personal data relating to an unknown number of children and families involved in childcare proceedings.
No formal data protection or IT security training had been given to the employee and the ICO found more than 2,300 unencrypted laptops were likely to still be in use across the council's operations.
Buckinghamshire County Council, meanwhile, was discovered to have lost a number of documents at Heathrow Airport containing the sensitive data of two children.
All three local authorities have now agreed to ensure workers are fully aware of policies on storage and use of personal information, while the London Borough of Barnet and West Sussex County Council will be ramping up their training on data protection and IT security.
"It is essential that councils ensure the correct preventative safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children," said Sally-anne Poole, enforcement group manager at the ICO.
"A lack of awareness and training in data protection requirements can lead to personal information falling into the wrong hands."
In an emailed statement sent to IT PRO, Chris McIntosh, chief executive (CEO) of encryption firm Stonewood Group, said it was "outrageous" that the three councils had lost children's data.
"You have to ask what else needs to happen before companies and councils start protecting our data properly," he said.
"Employees are always going to lose memory sticks and laptops, but that doesn't have to mean data loss."
No monetary penalties were handed to the three local authorities and the ICO confirmed to IT PRO that it has never handed out a fine to any council.
The data protection body recently had its powers increased, meaning it can issue fines of up to 500,000 for a serious breach.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
