Stoke on Trent council has been forced to improve its data security processes after privacy watchdog the Information Commissioner's Office was made aware that the local authority had lost personal data on 40 children.
The information, which included court reports and details of proceedings for children in care, was placed on an unencrypted and non-password protected memory stick which was subsequently lost.
The device was found by a member of the public and returned to the council, but the lack of encryption or password protection meant that the information was put at unnecessary risk, said the ICO.
"When handling sensitive personal information, particularly relating to the care of vulnerable children, it is important that authorities put the necessary measures in place to protect this information," said ICO enforcement group manager Sally Anne-Poole.
"This incident occurred before 6 April, so the powers now available to the Information Commissioner to issue penalties of up to £500,000 for serious breaches of the Data Protection Act could not be considered."
Stoke on Trent council has now signed a formal undertaking to improve staff training, and to ensure that encryption is standard on portable devices.
Chris McIntosh, chief executive of encryption vendor Stonewood, argued that the authority is lucky not to have been fined.
"However, future losses will not be so fortunate. The ICO has made clear that it is willing to use these powers, and that fines are imminent," he said.
"Organisations and the general public must wait with bated breath to see what the first fines are, and whether they do indeed turn out to be proportionate to the actual loss."
Allen died from complications of non-Hodgkin's lymphoma
Stanford researchers made the discovery via data from Greenland
Created via a thin, flexible, and transparent hierarchical nanocomposite film
Rolls Royce will use AI powered by Intel's Xeon Gold processors and SSDs for memory