recent work

Another Council signs formal undertaking for data breach

An unencrypted memory stick holding personal details of over 18,000 residents has been lost by Rochdale Metropolitan Borough Council, and as a result has signed a formal undertaking as required by Information Commissioner’s Office (ICO), to ensure that a similar breach does not happen again.

The memory stick was never recovered, and information lost included names, addresses and payment details – it was used in order to compile the council’s financial accounts.

As with many organisations, both public and private, the ICO found that the council’s data protection practises were inadequate; procedures were not sufficient, and procedures and training were not satisfactory.

As well as requiring the council to put all of the changes in place by 31 March 2012, the ICO will follow up with the council to ensure that the have been implemented.

Acting Head of Enforcement, Sally Anne Poole said:

“Storing the details of over 18,000 constituents on an unencrypted device is clearly unacceptable. This incident could have been easily avoided if adequate security measures had been in place. Luckily, the information stored on the device was not sensitive and much of it is publicly available. Therefore, the incident is unlikely to have caused substantial distress to local people. 

“Our investigation uncovered a number of failings at Rochdale Metropolitan Borough Council – that’s why we will follow up with the council, to ensure they’re doing everything they can to prevent this type of incident happening again.”

Comment
Absolute Data is committed to ensuring companies and organisations, regardless of their size, create and follow realistic policies and procedures that are above the law. We can help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. DataWise, one of our services, provides clients with a data protection toolkit, which offers a robust and effective solution in reducing the risk of data breaches. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk, or call us on 01423 790125.