A local authority which lost sensitive information about a group of children has signed a formal undertaking that it will endeavour to keep personal details secure in future. Leicester City Council was found to be in breach of the Data Protection Act by the Information Commissioner’s Office, which said it was alarmed at the level of data security breaches.
The ICO ruled that council staff breached the authority’s own procedures by downloading personal information on to an unencrypted memory stick. Sensitive personal information relating to 80 children was subsequently lost from a council-run nursery. Mick Gorrill, Assistant Information Commissioner at the ICO, said the council had acted responsibly by reporting the breach to the ICO and had taken remedial action.
He added: “The Data Protection Act clearly states that organisations must handle personal information securely. It is alarming that since November 2007 516 data security breaches have been reported to the ICO from organisations across the public, voluntary and private sectors.”
In signing the formal undertaking the council has agreed to implement a number of security measures to protect personal information more effectively. It is improving training programmes for all staff, including contractors and temporary personnel, with immediate effect. It has also agreed that sufficient supervision is carried out to help ensure staff adhere to relevant internal procedures and the requirements of the Data Protection Act.
Any failure to comply with the terms of the undertaking can lead to further
regulatory action by the ICO.