Stoke Council avoids fine over lost childcare data on USB stick farce
Potty security snafu in the Potteries
Stoke On Trent Council has received a "rebuke" for losing an unencrypted USB memory stick containing the personal details of children in care.
Court reports and details of care proceedings against 40 kids were mislaid as a result of the blunder, which might have easily been avoided by the use of memory sticks that support encryption. The device was received after a member of the public found it and returned it to the council.
The Information Commissioner's Office (ICO) gained new powers in April to fine organisations up to £500,000 for serious breaches of data privacy regulations (as covered by Data Protection Act).
However, since the incident happened before April, the council avoided any fine and instead was let off with a rebuke after its chief exec signed an undertaking to use encryption on portable and mobile devices.
Chris McIntosh, chief exec of encryption expert Stonewood, said that organisations in general should apply security policies to protect sensitive data rather than only acting if something goes wrong.
"Organisations need to take much greater care with personal data, particularly when children are involved," McIntosh said. "In this case, Stoke On Trent council was lucky that the incident occurred before 6 April, so avoiding the possibility of a penalty fine. However, future losses will not be so fortunate," he added. ®