An unencrypted laptop stolen from the boot of a teacher's car has led to the Information Commissioner's Office (ICO) getting on the case of a school in Oldham.
The teacher from Freehold Community School left the laptop in a car overnight when parked at home, allowing personal data - including names and dates of birth - of 90 pupils to get into the wrong hands and going against the policy set in place.
However, the ICO said the policy to not keep storage devices in cars away of school premises wasn't strong enough, as the school admitted it was unaware it needed to encrypt portable equipment.
"It is vitally important that organisations take the necessary precautions to ensure that people's personal information remains secure," said acting head of enforcement at the ICO, Sally-Anne Poole.
"The fact that the school was unaware of the need to encrypt the information stored on their laptop shows that many organisations continue to process personal information without having the most basic of security measures in place."
Yet again though, the ICO has not imposed a monetary fine on the organisation, with a spokesperson telling IT PRO the breach "did not meet the criteria included on our monetary penalty guidance."
Instead the head teacher of the school, Joyce Willetts, has been made to sign an undertaking to ensure all equipment in the future will be encrypted and teachers will be properly trained in technology security issues.
This week a freedom of information request (FoI) revealed the ICO fined less than one per cent of organisations who breached the Data Protection Act. Out of 2,565 cases referred to them, it only took action over 36 and fined just four.
However, deputy commissioner David Smith told the InfoSec 2011 conference the figures were false and claimed the number of cases reported was much lower.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
