Barnet Borough Council Fined £70,000 For Data Loss

ICO

Council fined after second offence in two years, but further loss prevented by laptop encryption

The London Borough of Barnet has been slapped with a £70,000 fine by the Information Commissioner’s Office (ICO) after paper records containing sensitive information were stolen, along with a laptop.

The laptop was encrypted, preventing any further loss of data, but the ICO has called on the council to enact more organisational measures to prevent accidental losses occurring again and for paper records to be stored separately from computers.

Digital advantage

The loss occurred when a social worker took the paper records home in order to work on them outside of office hours. Their house was burgled in April last year and a laptop bag, which contained the records and the encrypted laptop, was taken. The papers included names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children and young people.

The subsequent ICO investigation found that the council had an information security policy and had provided some guidance to its staff on handling sensitive papers, but the measures failed to explain how that information should be kept secure.

This is not the first time that Barnet has attracted the attention of the ICO. In June 2010 it signed an undertaking after an unencrypted, non-password protected USB stick containing the sensitive personal information of more than 9,000 children and their family members was stolen from the home of a council employee.

The employee had downloaded data onto the device without any authorisation in place, although it was later revealed that no training or security was in place to prevent this happening. The council introduced a paper handling policy following the incident, but this was not in place at the time of this latest loss.

“The potential for damage and distress in this case is obvious. It is therefore extremely disappointing the council had not put in place sufficient measures in time to avoid this second loss,” said Simon Entwisle, the ICO’s director of operations. “While we are pleased that Barnet Council has now taken action to keep the personal data they use secure, it is vitally important that organisations have the correct guidance in place to keep sensitive paper records taken outside of the office safe. This includes storing papers containing sensitive information separately from laptops.”

The ICO recently announced that the organisers of the London Marathon were to face an investigation after the home and email addresses of participants were accidentally posted on the event’s official website. The watchdog has had problems of its own to deal with though, after it became the target of a DDoS attack from Anonymous splinter group the ATeam.

What do you know about privacy? Find out with our quiz!