All the latest UK technology news, reviews and analysis


ICO fines Glasgow Council £150,000 over lost laptop exposing 6,000 bank account details

07 Jun 2013
George Square Glasgow

Glasgow City Council has been fined £150,000 for its slapdash attitude to data protection, having lost 74 unencrypted laptops, including one containing more than 6,000 people's bank records.

The size of the fine hints at the anger within the Information Commissioner's Office (ICO), which had previously slapped an enforcement notice on the council in 2010 following the loss of unencrypted memory sticks.

“How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief,” said Ken Macdonald, the ICO assistant commissioner for Scotland. “The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.”

While the ICO had concerns over the sheer number of unencrypted laptops going missing at the council, it was further angered by the loss of two in May last year. In that case, one of the laptops contained personal data relating to more than 20,000 people, and bank details for more than 6,000.

According to the ICO, the laptops were given to two employees who needed to be able to work flexibly. One member of staff locked her laptop in her drawer, while putting the key in her colleague's desk drawer. Unfortunately, that colleague left work putting his own laptop alongside the key, but forgot to lock the drawer. Both laptops were stolen overnight.

The ICO reported that both employees had requested that their laptops be encrypted but the council had not done so.

“Glasgow City Council was issued with an enforcement notice back in 2010 after a similar incident where an unencrypted memory stick was lost. To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow,” railed Macdonald.

The ICO has not found any evidence that the bank accounts have been targeted following the losses.

Last year, the ICO fined Brighton and Sussex University Hospital £375,000 after a contractor stole hard drives from the NHS Trust, although the Trust appealed.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
More on Law
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
22%
13%
4%
22%
28%
11%

Popular Threads

Powered by Disqus
Sony Xperia Z2 Tablet powered by Android KitKat 4.4

Sony Xperia Z2 Tablet video

We take a look at the lightweight, waterproof tablet

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Application Specialist

Application Specialist Salary £31,500 per annum...

Junior IT Desktop Support Analyst

This is a fantastic opportunity to work for a dynamic...

Test Analysts

Test Analysts At Novacroft, we work in partnership...
To send to more than one email address, simply separate each address with a comma.