ICO Raps Council Over USB Stick Loss, but Imposes No Fines
The Information Commissioner’s Office has once again sanctioned a council guilty of losing a USB stick which contained case notes and minutes of meetings about the aids for six adults.
Cambridgeshire council has violated data privacy laws when it compromised such information of vulnerable adults, and like the case of Stoke-on-Trent City Council that had lost in November last year the same device containing personal data of 40 children in care proceedings, the USB stick was unencrypted.
The loss of USB stick took place amid efforts of Cambridgeshire council to strengthen its encryption policy. Under the policy, employees were asked to surrender their unencrypted memory sticks.
Sally Anne Poole, enforcement group manager at the ICO, said the council needs to ensure that its policy is followed by every staff following the loss of the USB stick.
She said the staff responsible for the loss of the USB stick did not follow proper IT security measures.
The council reported the incident to the ICO in November 2010. However, the USB stick remains missing.
Cambridgeshire council has already signed an undertaking binding itself to ensure that all devices used by the staff are encrypted and to implement regular monitoring schedule to ensure strict compliance to the policies.
A spokesperson from the Cambridgeshire said it has since taken the “storage of data very seriously” and implemented the necessary steps to prevent the incident from happening again.
Poole said the ICO is glad that the Cambridgeshire County Council has decided to improve its security measures following the loss of USB stick.