Cambridgeshire County Council has become the latest local authority to contravene the Data Protection Act after losing sensitive information.
Data protection watchdog the Information Commissioner's Office (ICO) said that the council lost an unencrypted memory stick containing personal information on at least six "vulnerable adults".
The unapproved memory stick was used after the employee in question had difficulty using the USB stick provided by the council, according to the ICO.
To make matters worse, the breach occurred just after the council had launched an internal campaign designed to highlight the importance of personal information.
"While Cambridgeshire County Council clearly recognises the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check that their data protection policies are continually followed and fully understood by staff," said ICO enforcement group manager Sally Anne Poole.
"We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures, and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed."
The local authority will be pleased to escape the fines that the ICO is imposing with greater regularity.
Earlier this month, Ealing Council was fined £80,000 after losing the details of almost 1,000 clients, while Hounslow Council was fined £70,000 after losing the details of 700 clients.
Elwyn Jones, vice president of public sector at IT services firm Mastek, argued that public sector firms don't seem to be learning from their mistakes.
"Many organisations, are not paying enough attention to their responsibilities when it comes to the protection of sensitive identity based data, despite the regulatory mandate in place compelling the likes of local authorities to do so," he added.
"Competing priorities so often supersede these duties and it is astonishing that data is still lost or leaked on such a regular basis, especially when pseudonymisation and anonymisation tools exist that can take the responsibility for data protection out of human hands."
Use the same password for every website? It might be time to change them all
Applicants for parking bay suspensions put at risk of credit card fraud by Islington Council
Robert Swan appointed interim CEO after Brian Krzanich's departure
Should you link your data sets to add value, or leave them separate to reduce risk?