Manchester council caned over school data breach
Must do better
Manchester City Council has been rapped over the knuckles for the loss of two laptops containing sensitive personal information on teachers and workers at local schools.
The local authority was
sent to detention obliged to sign a promise to improve its performance following the loss of two unencrypted machines from the Town Hall, one of which held personal details about 1,754 employees at local schools. Neither of the laptops were physically secured to desks.
Sir Howard Bernstein, chief exec of Manchester City Council, signed a promise to encrypt laptops and other removable devices in future. The council chief also promised to apply security policies that mean laptop and other computing devices are either secured to desks or locked away, out of the reach of Manchester's many light-fingered citizens.
In a statement (PDF), data privacy watchdogs at the Information Commissioner's Office criticised the council for carelessness with personal data, and for clear violations of the Data Protection Act. Any future transgressions by the council could result in enforcement action by the ICO.
Manchester City Council is far from alone in experiencing problems with lost laptop or other incidents that result in information security breaches, and the potential disclosure of personal information. The latest figures from the ICO include 140 incidents involving the NHS and other health bodies, 53 within central government, 60 by local authorities, 72 within quangos and other public sector bodies and 161 by the private sector. ®