UK councils fined for losing unencrypted laptops

Local bodies penalised for failure to encrypt

Ealing Council and Hounslow Council have been fined a total of £150,000 by the Information Commissioners Office (ICO) for losing two unencrypted laptops containing sensitive information.

The laptops, containing the details of around 1,700 individuals, were stolen from an employee's home.

Both laptops were password protected but unencrypted, despite this being in breach of both councils' policies.

Ealing Council provides an out-of-hours service on behalf of both councils, which is operated by nine staff who work from home. The team receive contact from a variety of sources and rely on laptops to record information about individuals.

ICO said there is no evidence to suggest that the data held on the computers has been accessed and no complaints from clients have been received by the data controllers to date. But there was a "significant risk" to the clients privacy, the ICO said.

As a result, the ICO has fined Ealing Council £80,000, and has fined Hounslow Council £70,000. The ICO said Ealing Council breached the Data Protection Act by issuing an unencrypted laptop to a member of staff in breach of its own policies.

These policies have been in place for several years and there were insufficient checks that relevant policies were being followed or understood by staff, said the ICO.

It added that Hounslow Council breached the Act by failing to have a written contract in place with Ealing Council. Hounslow also did not monitor Ealing Councils procedures for operating the service securely.

ICO deputy commissioner David Smith said, Of the four monetary penalties that we have served so far on organisations, three concern the loss of unencrypted laptops. Where personal information is involved, password protection for portable devices is simply not enough."

Join the newsletter!

Error: Please check your email address.

Tags Security ID

Show Comments
[]