TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | UK--ICO Fines City Authority 150,000 GBPs Following Loss of Laptops Related reading: LIBE votes to push Lauristin's ePrivacy Regulation forward

rss_feed
DPC17_WebBanner_300x250-COPY
PrivacyTraining_ad300x250.Promo1-01
OneTrust_SmartPrivacy_banner_ads_300x250_20170818_

By Brian Davidson, CIPP/E

The Information Commissioner's Office (ICO) has issued Glasgow City Council with a 150,000 GBP monetary penalty notice following the loss of two unencrypted laptops, one of which contained the personal information of 20,143 people.

The laptops were stolen from the council's offices—premises which were being refurbished and where complaints about theft and a lack of security had already been made—on 28 May last year. One of the laptops stolen contained the council's creditor payment-history file, listing the personal information of more than 20,000 people, including 6,069 individuals' bank account details.

The breach of the UK Data Protection Act comes after the council was previously issued with an enforcement notice three years ago, following a similar incident where an unencrypted memory stick containing personal data was lost.

The latest ICO investigation found that, despite their previous warning and in breach of the council's own policy, the council had issued a number of its staff with unencrypted laptops after experiencing problems with the encryption software. Whilst many of these laptops were later encrypted, the ICO subsequently discovered that a further 74 unencrypted laptops remain unaccounted for, with at least six of these laptops known to have been stolen.

The ICO has also served the council with an enforcement notice requiring it to carry out a full audit of its IT assets used to process personal data and arrange for all of its managers to receive full asset-management training. The council is also required to carry out a full check of its devices each year so that its asset register can be kept up-to-date.

Brian Davidson, CIPP/E, is a privacy and information law advisor at Field Fisher Waterhouse, LLP.

Comments

If you want to comment on this post, you need to login.