A council has agreed to improve its security after losing a memory
stick which contained the details of at least six vulnerable adults in
November 2010.
Cambridgeshire County Council notified the Information Commissioner's
Office (ICO) after the breach.
An employee lost an unencrypted and unapproved device containing case
notes and minutes of meetings.
The member of staff had previously experienced problems using one of
the council's encrypted memory sticks.
The breach of the Data Protection Act happened just after the council
had undertaken an internal campaign aimed at promoting its encryption
policy.
Employees had been asked to hand in unencrypted devices and were
warned about the importance of keeping personal information secure.
Council apology
The ICO's enforcement group manager Sally Anne Poole said:
"Cambridgeshire County Council clearly recognises the importance of
encrypting devices in order to keep personal data secure.
"However this case shows that organisations need to check that their
data protection policies are continually followed and fully understood
by staff.
"We are pleased that Cambridgeshire County Council has taken action to
improve its existing security measures."
A council spokesman said: "Cambridgeshire County Council takes the
storage of personal data very seriously and has strict procedures on
how it should be stored.
"We apologise that this loss happened and contacted the relevant
people as soon as we were made aware.
"In this case the member of staff did not follow the council's policy
of using a password protected and encrypted memory stick.
"The loss of the memory stick was immediately reported by the member
of staff who, following a full investigation, has been disciplined and
given advice on their future professional conduct."
The missing device has not been found.
No comments:
Post a Comment