All the latest UK technology news, reviews and analysis


ICO fines Glasgow Council £150,000 over lost laptop exposing 6,000 bank account details

07 Jun 2013
George Square Glasgow

Glasgow City Council has been fined £150,000 for its slapdash attitude to data protection, having lost 74 unencrypted laptops, including one containing more than 6,000 people's bank records.

The size of the fine hints at the anger within the Information Commissioner's Office (ICO), which had previously slapped an enforcement notice on the council in 2010 following the loss of unencrypted memory sticks.

“How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief,” said Ken Macdonald, the ICO assistant commissioner for Scotland. “The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.”

While the ICO had concerns over the sheer number of unencrypted laptops going missing at the council, it was further angered by the loss of two in May last year. In that case, one of the laptops contained personal data relating to more than 20,000 people, and bank details for more than 6,000.

According to the ICO, the laptops were given to two employees who needed to be able to work flexibly. One member of staff locked her laptop in her drawer, while putting the key in her colleague's desk drawer. Unfortunately, that colleague left work putting his own laptop alongside the key, but forgot to lock the drawer. Both laptops were stolen overnight.

The ICO reported that both employees had requested that their laptops be encrypted but the council had not done so.

“Glasgow City Council was issued with an enforcement notice back in 2010 after a similar incident where an unencrypted memory stick was lost. To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow,” railed Macdonald.

The ICO has not found any evidence that the bank accounts have been targeted following the losses.

Last year, the ICO fined Brighton and Sussex University Hospital £375,000 after a contractor stole hard drives from the NHS Trust, although the Trust appealed.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
More on Law
What do you think?
blog comments powered by Disqus
Related jobs
Poll

Green IT poll

How important is it to your business that a cloud provider uses renewable energy like solar or wind to power their data centres?
21%
6%
3%
2%
68%

Popular Threads

Powered by Disqus
Galaxy S5 vs Nexus 5 head to head review front

Galaxy S5 vs Nexus 5 video review

We compare Samsung and Google's top devices

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Senior Java Software Engineer - Hadoop/Concurrency - Financial

Senior Java Software Engineer - Big Data, Hadoop, Core...

Python Software Engineer - High Frequency Trading Systems

Python Software Engineer - Python, Django, SQL, C...

C# Algo-Developer (BDD/TDD, ASP.NET, JavaScript, RX)

C# Algo-Developer (BDD/TDD, ASP.NET, JavaScript, Reactive...

Oracle Data Warehouse Developer - Financial Betting Exchange

Oracle Data Warehouse Developer - Oracle 11g, ETL, PL...
To send to more than one email address, simply separate each address with a comma.