ICO chides child charities over unencrypted devices

The Information Commissioner's Office (ICO) has taken action against two children's charities after the theft of unencrypted computer equipment containing sensitive information.

Asperger's Children and Carers Together lost details on 80 children after an unencrypted laptop was stolen from an employee's home in December which contained, names, addresses, dates of birth and medical information.

Nottingham-based Wheelbase Motor Project, meanwhile, had an unencrypted hard drive stolen from its offices that contained information on 50 people relating to criminal convictions and child protection issues.

Both charities have signed undertakings with the ICO to encrypt all data in the future, and train staff on the correct ways to deal with sensitive information.

Sally-Anne Poole, acting head of enforcement at the ICO, explained that both charities should have known that they needed adequate security systems given the data they were handling, but that the matter had reached a satisfactory conclusion.

"The ICO's guidance is clear: any organisation that stores personal information on a laptop or other portable devices must make sure that the information is encrypted," she said.

"We are pleased that both charities have agreed to take the necessary steps to ensure that the personal information they hold is kept secure from now on."

Lost or stolen unencrypted devices are a frequent headache for the ICO. The watchdog was forced to reprimand a school in Oldham in April for losing information on 90 students after an unencrypted laptop was taken from a teacher's car.

Mick Gorill, former head of enforcement at the ICO, said recently that organisations wishing to avoid the ICO's wrath should consider appointing a full-time data security controller.