All the latest UK technology news, reviews and analysis

ICO fines Glasgow Council £150,000 over lost laptop exposing 6,000 bank account details

07 Jun 2013
George Square Glasgow

Glasgow City Council has been fined £150,000 for its slapdash attitude to data protection, having lost 74 unencrypted laptops, including one containing more than 6,000 people's bank records.

The size of the fine hints at the anger within the Information Commissioner's Office (ICO), which had previously slapped an enforcement notice on the council in 2010 following the loss of unencrypted memory sticks.

“How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief,” said Ken Macdonald, the ICO assistant commissioner for Scotland. “The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.”

While the ICO had concerns over the sheer number of unencrypted laptops going missing at the council, it was further angered by the loss of two in May last year. In that case, one of the laptops contained personal data relating to more than 20,000 people, and bank details for more than 6,000.

According to the ICO, the laptops were given to two employees who needed to be able to work flexibly. One member of staff locked her laptop in her drawer, while putting the key in her colleague's desk drawer. Unfortunately, that colleague left work putting his own laptop alongside the key, but forgot to lock the drawer. Both laptops were stolen overnight.

The ICO reported that both employees had requested that their laptops be encrypted but the council had not done so.

“Glasgow City Council was issued with an enforcement notice back in 2010 after a similar incident where an unencrypted memory stick was lost. To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow,” railed Macdonald.

The ICO has not found any evidence that the bank accounts have been targeted following the losses.

Last year, the ICO fined Brighton and Sussex University Hospital £375,000 after a contractor stole hard drives from the NHS Trust, although the Trust appealed.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
More on Law
What do you think?
blog comments powered by Disqus

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Senior Tester

Our client is looking for an experienced Senior Tester...

SAS Developer

My banking client is looking for multiple head count...

Business Analyst

My client is currently seeking a Business Analyst to...

Desktop Application Packager

Desktop Application Packager Contract £market rates...
To send to more than one email address, simply separate each address with a comma.