/v3-uk/news/1991952/manchester-council-breaches-data-protection-act
23 Jun 2009, Rosalie Marshall, V3
Manchester City Council has lost two unencrypted laptops containing personal details on at least 1,754 employees at local schools.
The Information Commissioner's Office (ICO) confirmed that the council had breached the Data Protection Act, and that it will have to conform to higher standards.
Manchester City Council chief executive Howard Bernstein signed a formal undertaking (PDF) that the council will ensure that all laptops and other removable devices are encrypted and secured, and that only essential personal information is downloaded to mobile devices.
Bernstein also promised to implement an improved training programme covering the security of personal information.
"Organisations must implement appropriate safeguards to ensure that personal details are handled securely and do not fall into the wrong hands," said Sally-Anne Poole, head of enforcement and investigations at the ICO, in a statement.
"We urge all councils and their executive teams to take responsibility for treating data protection as a corporate governance issue affecting the entire organisation. They have to make sure that safeguarding the personal information of staff is embedded in organisational culture."
No data on portable devices
The technology exists to prevent data being stored on laptops/USB drives/CD-ROM/etc - anything other than a server locked in a secure room. The technology also exists to make that data available via an authenticated, secure network connection, whether it be from within the office, home or almost anywhere else.
All it needs is the will to put these technologies into place.
Posted by Grunt Gruntson, 23 Jun 2009
Accountability
This is hardly the first loss of a laptop computer by a public body, and it is about time that ALL organisations within the public sector took the Data Protection Act a bit more seriously. Perhaps if the penalties for non-compliance were greater and senior officers were held to be personally accountable under the law, they might start to address this ongoing problem. If, however, the only penalty is naming and shaming the organisation concerned, then those guilty of negligence will continue to hide within their organisations and losses of personal data will continue.
Posted by Michael Abbiss, 25 Jun 2009