Council loses children in care data
Stoke-on-Trent City Council loses a USB stick containing sensitive data of children in care.
The UK's data protection watchdog - the Information Commissioner's Office (ICO) - has taken action against Stoke-on-Trent City Council after the authority lost a USB stick containing sensitive information on 40 children in care.
A member of the public discovered the memory stick, which was unencrypted and not password protected, before returning it to the council.
The data included court reports and details of care proceedings.
Having breached the Data Protection Act, the local authority has been told to implement steps to ensure personal data stored by the body is adequately secured.
The council has agreed to encrypt portable and mobile devices used to store and transmit personal data, while staff education will be ramped up.
"When handling sensitive personal information, particularly information relating to the care of vulnerable children, it is important that authorities ensure the necessary measures are in place to protect this information," said Sally-Anne Poole, Enforcement Group Manager at the ICO.
Yet again, the ICO has not given out a fine for the breach.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"This incident occurred before 6 April so the powers now available to the information commissioner to issue penalties of up to 500,000 for serious breaches of the Data Protection Act, could not be considered," said Poole.
One of the central reasons why Google was not issued with a fine after the Street View Wi-Fi scandal was because the data was collected before the ICO's extra powers came into force.
An ICO spokesperson told IT PRO the council could "potentially" have been hit with a fine if the breach occurred after the penalty powers were granted.
The spokesperson also confirmed a fine would be handed to an as yet unnamed body or individual "in the near future," after information commissioner Christopher Graham indicated a penalty would be handed out before the end of the month.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.