Feeds

Leicester nursery loses memory stick with children's details

Details of 80 children potentially AWOL

Combat fraud and increase customer satisfaction

Parents concerned that new government databases might lead to their children’s data being lost or stolen were this week able to pilot the experience courtesy of a Leicester-based nursery, which appears to have "misplaced" a data stick containing details of children in their care.

At time of writing, Leicester City Council, which is responsible for the nursery, could not confirm whether the stick was lost or stolen. Nor would it confirm the name of the nursery involved until parents had been fully informed.

The council has however launched the obligatory information, reported the matter to the police, and let the Information Commissioner know.

It also admits that details of around 80 children could be on the stick, including names, addresses, dates of birth and telephone numbers.

Council leaders apologised today and said the data should not have been stored on a memory stick in the first place.

Sheila Lock, the council’s chief executive said: "We take the issue of data security extremely seriously.

"From initial information available to me it is clear there has been a serious and unacceptable breach of our protocols around data storage and data loss.

"In light of this incident we are taking immediate steps to remind all of our staff about the strict rules we have in place."

For once, the body concerned appears to have had a reasonably sensible security policy in place. According to guidelines released in December, 2007:

"All council-owned data should be appropriately protected from unauthorised access. The level of protection will reflect the sensitivity of the material. In practical terms, this will be provided by password protection and/or encryption.

"At minimum this will involve password protecting the medium or documents being stored. However, sensitive personal data as defined by the DPA must be encrypted, using a minimum of 128-bit encryption. Higher levels of encryption should be used where they are available."

A council spokesperson added that "encryption software was made available to staff, along with training and guidelines on how to use it."

"We buy encrypted memory sticks which meet our standards, and instructions on their use are also made available," the spokesperson added.

All well and good. The only question remaining is whether staff at the nursery involved actually followed the council's policies.

In the meantime, parents and carers will be given support and advice on changing phone numbers or, in extreme circumstances, will even be offered help changing address. ®

SANS - Survey on application security programs

More from The Register

next story
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.