Councils slammed for placing child data in danger
The ICO has rapped three councils for failing to protect sensitive data on children.
Three local councils have placed children's sensitive data at risk and have been found in breach of the Data Protection Act.
First off, the London Borough of Barnet has been criticised by the Information Commissioner's Office (ICO) for placing more than 9,000 child details at risk.
The ICO found that an unprotected USB stick and CDs containing the sensitive data on children and their family members had been taken from an employee's home.
The council worker downloaded the information onto unencrypted devices without authorisation and no training was given to prevent the employee getting the data.
Even before the incident, the ICO had carried out an audit of the authority that highlighted the need for additional training.
In the second case, a West Sussex County Council employee had an unencrypted laptop stolen, putting at risk sensitive personal data relating to an unknown number of children and families involved in childcare proceedings.
No formal data protection or IT security training had been given to the employee and the ICO found more than 2,300 unencrypted laptops were likely to still be in use across the council's operations.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Buckinghamshire County Council, meanwhile, was discovered to have lost a number of documents at Heathrow Airport containing the sensitive data of two children.
All three local authorities have now agreed to ensure workers are fully aware of policies on storage and use of personal information, while the London Borough of Barnet and West Sussex County Council will be ramping up their training on data protection and IT security.
"It is essential that councils ensure the correct preventative safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children," said Sally-anne Poole, enforcement group manager at the ICO.
"A lack of awareness and training in data protection requirements can lead to personal information falling into the wrong hands."
In an emailed statement sent to IT PRO, Chris McIntosh, chief executive (CEO) of encryption firm Stonewood Group, said it was "outrageous" that the three councils had lost children's data.
"You have to ask what else needs to happen before companies and councils start protecting our data properly," he said.
"Employees are always going to lose memory sticks and laptops, but that doesn't have to mean data loss."
No monetary penalties were handed to the three local authorities and the ICO confirmed to IT PRO that it has never handed out a fine to any council.
The data protection body recently had its powers increased, meaning it can issue fines of up to 500,000 for a serious breach.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.