All the latest UK technology news, reviews and analysis


ICO fines Glasgow Council £150,000 over lost laptop exposing 6,000 bank account details

07 Jun 2013
George Square Glasgow

Glasgow City Council has been fined £150,000 for its slapdash attitude to data protection, having lost 74 unencrypted laptops, including one containing more than 6,000 people's bank records.

The size of the fine hints at the anger within the Information Commissioner's Office (ICO), which had previously slapped an enforcement notice on the council in 2010 following the loss of unencrypted memory sticks.

“How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief,” said Ken Macdonald, the ICO assistant commissioner for Scotland. “The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.”

While the ICO had concerns over the sheer number of unencrypted laptops going missing at the council, it was further angered by the loss of two in May last year. In that case, one of the laptops contained personal data relating to more than 20,000 people, and bank details for more than 6,000.

According to the ICO, the laptops were given to two employees who needed to be able to work flexibly. One member of staff locked her laptop in her drawer, while putting the key in her colleague's desk drawer. Unfortunately, that colleague left work putting his own laptop alongside the key, but forgot to lock the drawer. Both laptops were stolen overnight.

The ICO reported that both employees had requested that their laptops be encrypted but the council had not done so.

“Glasgow City Council was issued with an enforcement notice back in 2010 after a similar incident where an unencrypted memory stick was lost. To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow,” railed Macdonald.

The ICO has not found any evidence that the bank accounts have been targeted following the losses.

Last year, the ICO fined Brighton and Sussex University Hospital £375,000 after a contractor stole hard drives from the NHS Trust, although the Trust appealed.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
More on Law
What do you think?
blog comments powered by Disqus
Poll

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?
61%
4%
2%
0%
33%
0%

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
mubaloo2

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

BI Developer

Industry: Insurance Salary: £45-55K + bens Skills...

Support Account Manager

Resident Support Account Manager. As a “Trusted...

Linux networking Technical Support

The Tier 2 Engineer will work as part of a specialist...

Business Intelligence Analyst

Citywire is a global publishing company with offices...
To send to more than one email address, simply separate each address with a comma.