Three local authorities lose sensitive data on children

Failing to encrypt data concerning children has been described as 'beyond unacceptable'

Three local authorities have been taken to task by the Information Commissioner's Office for breaching the Data Protection Act.

London Borough of Barnet, West Sussex County Council and Buckinghamshire County Council had all lost sensitive information relating to children.

An unencrypted, non-password protected USB stick and CDs containing the personal information on over 9,000 children and members of their families was stolen from an employee of the London Borough of Barnet.

West Sussex County Council had an unencrypted laptop stolen containing sensitive personal data relating to an unknown number of children, while Buckinghamshire County Council lost documents containing sensitive data on two children.

Sally-Anne Poole, enforcement group manager at the ICO, said that the councils had shown poor regard for the importance of protecting children's personal information.

"It is essential that councils ensure the correct preventative safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children," she added.

"A lack of awareness and training in data protection requirements can lead to personal information falling into the wrong hands."

Chris McIntosh, chief executive at encryption firm Stonewood, argued that the incidents highlight the pressing need for councils to take better precautions.

"Employees are always going to lose memory sticks and laptops, but that doesn't have to mean data loss. It's not rocket science. There will always be simple human errors," he said.

"It is outrageous that three councils seem to have so little regard to keeping our children safe. It is bad enough that they don't protect their own data, but to lose information about those who are the most vulnerable is beyond unacceptable."