ICO raps knuckles of Cambridgeshire County Council

The Information Commissioners Office (ICO) has had its claws out this week, finding both Cambridgeshire County Council and the Passport service in breach of regulations.

Today the watchdog bared its teeth at the council after it admitted that an unencrypted memory stick, which contained sensitive information relating to vulnerable adults, was lost by an employee.  

A minimum of six individuals were affected by the loss of the stick, which included case notes and minutes of meetings about the individuals’ support and was saved on the unapproved device.

The device was used to store the information after the member of staff encountered problems using an encrypted memory stick that the council had previously provided free of charge.

Ironically the breach, which was reported by the council in November last year, happened shortly after Cambridgeshire had undertaken an internal campaign to promote its encryption policy. As part of the policy, employees were asked to hand in unencrypted devices and were warned about the importance of keeping personal information secure.

Sally Anne Poole, enforcement group manager at the ICO, said: “While Cambridgeshire county council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check that their data protection policies are continually followed and fully understood by staff.

“We are pleased that Cambridgeshire has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed.”

However, it’s not just Cambridgeshire which is getting a rough time of it. Earlier this week the watchdog also growled at the The Identity and Passport Service (IPS), which it claims breached the Data Protection Act by losing the passport renewal applications of 21 people.

The loss, which occurred in May 2010, was the fault of the part of the passport office that was responsible for processing the applications and missing details included the personal data of both the applicants and their countersignatories.

Graciously all of the individuals affected were informed and offered new passports with the IPS claiming that it hadn’t had any complaints following the incident.

Mick Gorrill, head of enforcement at the ICO, said: “A passport is an important identification document and it is clearly of concern that information relating to renewal applications has been lost.

“However, there is no evidence to suggest that the applications have fallen into the wrong hands and we are pleased that the Identity and Passport Service is taking steps to stop this happening again.”