Cambridgeshire council in memory stick blooper
A council is told to shore up its security practices after losing an unencrypted memory stick.
Cambridgeshire County Council has breached the Data Protection Act after a memory stick containing sensitive data relating to vulnerable adults went missing.
The Information Commissioner's Office (ICO) was told about the loss in November 2010, when an employee lost an unencrypted memory stick containing personal data of six individuals.
The unencrypted stick had not been approved to store the information that was downloaded onto it.
Furthermore, the breach happened just after the council had carried out an internal campaign to promote its encryption policy.
Data included case notes and minutes of meetings related to the individuals' support.
"While Cambridgeshire County Council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff," said Sally Anne Poole, enforcement group manager at the ICO.
"We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The council has escaped a fine, but has pledged to use adequate encryption on portable devices and regularly monitor data protection and IT security policies.
A Cambridgeshire County Council spokesperson apologised for the data loss and confirmed the affected parties had been informed.
"The loss of the memory stick was immediately reported by the member of staff involved, who following a full investigation has been disciplined and given advice on their future professional conduct," the spokesperson said.
Chris McIntosh, chief executive (CEO) of Stonewood, said the council had failed with employee education.
"An organisation can have the best security technology and protocols in the world, but without an educated workforce they're worthless," he said.
"There will always be a chance of human error in IT security; the job of the organisation is to make sure that its employees are educated on these risks and that policies are enforced."
Earlier this week, the ICO rapped the Identity and Passport Service for losing customer data.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.