07.06.13
Glasgow data breach ‘beggars belief’ – ICO
The Information Commissioner’s Office (ICO) has fined Glasgow City Council £150,000 for failing to protect personal data and breaching the Data Protection Act.
The fine follows the loss of two unencrypted laptops, one of which contained personal information on 20,143 people. A further 74 unencrypted laptops remain unaccounted for, with at least six known to have been stolen.
The ICO served the council with an enforcement notice requiring a full audit of IT assets used to process personal data, and for staff to receive asset management training. Glasgow City Council must also carry out full checks of all devices each year.
Ken Macdonald, the ICO’s Assistant Commissioner for Scotland said: “How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief. The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.
“Glasgow City Council was issued with an enforcement notice back in 2010 after a similar incident where an unencrypted memory stick was lost. To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow. The council should be held to account, and the penalty goes some way to achieving that.”
Tell us what you think – have your say below, or email us directly at [email protected]