Tuesday, February 9, 2010
Rap over loss of sensitive data
A memory stick with details of vulnerable children and their families was lost by a Sandwell Council worker on the way home, it emerged today.
The incident sparked an investigation by the Information Commissioner and the council has found to be in breach of the Data Protection Act.
The worker had downloaded the data in order to carry out work at home – a breach of council policy – and lost the memory stick, which was not password-protected.
It included sensitive personal information relating to four families, including why children were taken into care or made subject to a Child Protection Plan.
The stick was lost in February and the worker was suspended pending an investigation. She was disciplined, but is still working for the council.
Councillor Ian Jones, who has responsibility for children and young people, has apologised to the families.
“This practice is not within the rules and this is some thing that should never have happened. Officers visited each of the families involved and explained to them what happened and what we were doing about it,” he said.
“The actions of one individual have highlighted the weaknesses in the system and we have done everything possible to address them.”
Allison Fraser, chief executive of Sandwell Council, has had to sign a document to assure the Information Commissioner’s Office that personal data will be kept securely in future.
This includes an assurance that laptops, mobiles and other equipment must be encripted.
See Also:
Most Commented
sport
Play Fantasy Football
Win a manager of the month award, courtesy of prize sponsor Banks's, by signing up today.
lifestyle
Latest dining reviews
Read the latest reviews by the Express & Star's dining out reviewers before you decide where to eat.
entertainment
All the film reviews
Before you plan a trip to the pictures, get our critics' verdicts on all the latest movie releases.
Why are the people we are supposed to trust so careless with our details?
Why is he still working there?
Have I wasted money on a shredder trying to keep safe?
It beggars belief.
Report abuse
Err, its encrypted, not encripted.
But whatever security systems you put in place, unless you take the human idiot out of the equation, no data is ever going to be secure. Good news for ID cards where the PM has already said he doesn’t expect 100% security!
Report abuse
Signing a document will just mean someone will be held responsible. Its a situation that is impossible to police.
No-one should be bringing memory sticks into the office, so its a failure in both directions.
The council needs to lockdown the office pcs correctly otherwise trojans/viruses etc could easily be coming in from the outside world and opening up backdoor access to sensitive data to anyone in the world. People should be fired over this.
Dave
Report abuse
It would be the easiest thing in the world to simply scorn Sandwell Council for ‘incompetence’, but the sad fact is that the more and more sensitive data is stored electronically the more and more opportunities there are for human error or oversight (or even the malign machinations of a rogue employee) to create mayhem of this sort.
That’s why, we should really be asking the wider question of whether government agencies really need to be accumulating the vast amounts of personal information that they are.
We are assured, as always, that the authorities are storing it in the best interests of child protection, law enforcement or whatever. However, sooner or later someone in government may decide to start using all these millions of pieces of personal information for more sinister purposes.
Report abuse
This is a terrible misdemeanour on several levels. Firstly the obvious one being the possible exposure of vulnerable children/families; how those poor families must be feeling I can’t imagine. However, I would question a statement made in the report….’The worker had downloaded the data in order to carry out work at home – a breach of council policy…’; I find it astounding that it is a breach of council policy when it is exposed, however, many council workers (not just in Sandwell) do this day in, day out, just to keep abreast of their workload and I don’t hear the management/hierarchy informing those staff that it is a breach of council policy on those occasions!! Perhaps there are a couple of issues that need to be addressed here; firstly, reduce the workload of the staff to a level that can be carried out in the working day; subsequently they wouldn’t have to take work home with them and so secondly removing the possible ‘breach of council policy’ !!!! There is no denying that this is a terrible thing to have happened; let us hope that the relevant lessons have been learnt by all (staff and management).
Report abuse
You never hear people reporting data being lost from private companies do you? I guess it doesn’t happen.
I agree that it is completely inappropriate for a worker to be taking personal information home on any kind of media regardless of if its encrypted or not, Sandwell Council isn’t the only establishment who have lost data.
The only difference is being in the public sector, its disclosed. People worry about these things, and quite rightly. But in the electronic world we live in, I’m sure much more sensitive and personal data is lost by private industry much more frequently. You just don’t hear about it.
Report abuse
I am a contract project manager/consultant currently working in the NHS (systems and nets)down south,and was previously a head of IT and Data Protection Officer. As is normal practice I use an organisation supplied encrypted lappy and an encrypted stick, my own lap stays home. Nothing, but nothing goes onto any other media.I have worked up and down the country to these rules. Child and Family? frankly horrified, but one has to ask why,what is the pressure behind this to break rules?
Report abuse
Sounds very odd this.. All chidrens data is stored in a online database called ICS. This is web based.
Prolly a couple of letters to parents on the mem stick to be fair nowt else.
Report abuse
Sensitive info should not be taken out of office!end of!!!!!!!
Report abuse
“Allison Fraser, chief executive of Sandwell Council, has had to sign a document to assure the Information Commissioner’s Office that personal data will be kept securely in future.”
You know, the stupidity of some people simply amazes me. You’ve already got removable media with no was not pw-protection, so losing it highlights a security issue..no way. Who’s more responsible..the person losing it or the people responsible for having such lax security in the first place? Plese, Sandwell Council..don’t waste millions answering that.
Report abuse
“The council needs to lockdown the office pcs correctly otherwise trojans/viruses etc could easily be coming in from the outside world and opening up backdoor access to sensitive data to anyone in the world. People should be fired over this.”
Watch the film, ‘Terminator 3′ – Cybernet was designed to fight the virus, but actually IS the virus. Make the most of the internet as we know it, as well as free speach.
Report abuse
It is not beyond the ken of man to keep such data restricted to the main frame (was doing this 20 yrs ago).
Report abuse