Leicester nursery loses memory stick with children's details
Details of 80 children potentially AWOL
Parents concerned that new government databases might lead to their children’s data being lost or stolen were this week able to pilot the experience courtesy of a Leicester-based nursery, which appears to have "misplaced" a data stick containing details of children in their care.
At time of writing, Leicester City Council, which is responsible for the nursery, could not confirm whether the stick was lost or stolen. Nor would it confirm the name of the nursery involved until parents had been fully informed.
The council has however launched the obligatory information, reported the matter to the police, and let the Information Commissioner know.
It also admits that details of around 80 children could be on the stick, including names, addresses, dates of birth and telephone numbers.
Council leaders apologised today and said the data should not have been stored on a memory stick in the first place.
Sheila Lock, the council’s chief executive said: "We take the issue of data security extremely seriously.
"From initial information available to me it is clear there has been a serious and unacceptable breach of our protocols around data storage and data loss.
"In light of this incident we are taking immediate steps to remind all of our staff about the strict rules we have in place."
For once, the body concerned appears to have had a reasonably sensible security policy in place. According to guidelines released in December, 2007:
"All council-owned data should be appropriately protected from unauthorised access. The level of protection will reflect the sensitivity of the material. In practical terms, this will be provided by password protection and/or encryption.
"At minimum this will involve password protecting the medium or documents being stored. However, sensitive personal data as defined by the DPA must be encrypted, using a minimum of 128-bit encryption. Higher levels of encryption should be used where they are available."
A council spokesperson added that "encryption software was made available to staff, along with training and guidelines on how to use it."
"We buy encrypted memory sticks which meet our standards, and instructions on their use are also made available," the spokesperson added.
All well and good. The only question remaining is whether staff at the nursery involved actually followed the council's policies.
In the meantime, parents and carers will be given support and advice on changing phone numbers or, in extreme circumstances, will even be offered help changing address. ®
names and addresses, Telephone numbers, dates of birth...
At my kids' primary school I think they'd rather dance naked in the playground than hand over such information to new parents. We did get a list of children in the class, probably because that was simpler than preparing a custom letter for each parent, but all else is secret. Still, it gives us something to talk about for the first few weeks of term and it doesn't stay secret for long.
But good security practice is that where there is no need to know, there's a need not to know. That applies to nursery contact lists just as much as it applies to a national child database, if only because one set of rules is easier to enforce than two and "easy to enforce" is clearly a requirement when you are dealing with government.
Paris, because she knows the difference between her secrets and her privates.
Did anyone ever loose anything in years gone by ?
Of course they did, so why the fuss when it happens now ? I do remember a few stories of paper files on the council tip, etc.
Partly because this sort of loss has become a popular press meme and also the amount that can be lost is so much greater -- to have lost what you can put on one memory stick you would have had to have lost a barrow load of paper (at least).
Don't get me wrong: it is right that we should castigate those who are careless with data and everyone needs to learn to be more careful.
Still don't get it. Personal information is just that. If the parent WISHES to share with other parents, that is their choice. It shouldn't be shared because (1) some ditz lost a usb stick, (2) some wamker left the door open (literally or figuratively) to the database (oooohhh, the databases are coming, the databases are coming!)...sorry.
A database only makes it that much easier to get access to your child if this information is left wild. Ok, so you're not worried about paedos. I'm not particularly worried either. On the other hand, there's more wackos out there than just paedos; and I'm not wanting ANY of them having direct access to info about my sprog, thank you.
Even Paris knows that personal information in the wrong hands causes problems.