The Information Commissioner's Office has said Wigan Council breached data-protection law by allowing unencrypted data on school pupils to be downloaded to a laptop.
The laptop was then stolen, holding personal data on most children and young people in Wigan's schools: about 43,000 pupils.
The computer had been stored in a locked office, but not encrypted, according to the ICO. The person who downloaded the data to the laptop was breaching council policy, but there was no block on them doing so.
Joyce Redfearn, chief executive of Wigan Council, has signed an undertaking stating that the council will encrypt data on portable devices in future. Staff will be trained and made aware of the council's policy for storing and using personal data, and the council will ensure staff stick to that policy.
"I strongly advise organisations to avoid instances where employees can download large volumes of personal information," said Sally-Anne Poole, the ICO's head of enforcement.
"This incident could have been averted if the data was simply accessed from the main council computer network. Storing large volumes of personal information on portable devices is unnecessarily risky," she added.
Talkback
As a local government employee, this person would also have access to the National Identity Register if it ever actually happens. It says so in the Act itself. They would then be able to download (and lose) vital identifying information on YOU.
Government, either local, national or EU wide (for all will have access) simply cannot be trusted to hold this data. They have all proved this to us again and again. This is just one more instance for the stack.
Its about time individuals were also made liabe, then maybe they would think twice before misusing our information.
I have access to very personal info and if I had been so stupid I am 100% certain my empoyer would sack me and I might even face charges.
Time to make both the individual and the organisation responsible to the courts
While I agree 100% and affirm that I have been in exactly the same position as you, the chances of getting civil service joint and several liability through the civil service are considerably less than zero. They have been immune from prosecution for anything they do wrong, in any sphere, since time immemorial and are never, ever going to give that up. They are certainly never going to do it to themselves!
"Time to make both the individual and the organisation responsible to the courts"
We are, private organizations are, so why not civil servants? besides where did they get this idea that they where above the law? Id challenge it.
Its a simply process of putting it into a clause of the contract when both civil servants and elected politicians get the job, YOU WILL BE HELD ACCOUNTABLE FOR YOUR ACTIONS! BY THE BRITISH PUBLIC.
Hell this could work for loads of things across all industry's, see its not so hard is it.
CA: "We are, private organizations are, so why not civil servants? besides where did they get this idea that they where above the law?"
I guess that would be when they wrote the laws in the first place ;-)
We can have policies until they come out of our ears but until such time as people adhere to them and believe in following the set processes, nothing will change from a human perspective.
The one thing that is however more than capable of at least being able to restrict simple breaches such as the one at Wigan, is technology. If you deploy the correct technology then you are able to control the amount of data that can be downloaded to a PC or any portable device, or even control as to who has access to what.
Secondly, if you use technologies such as SSL VPN devices you can enable employees to access such data remotely as and when needed via a secure portal. It therefore avoids the need to have to download the data to a device that could potentially be compromised.
And presumably the policy will be that despite the fact that it adds a couple of seconds of their valuable lives onto the time taken to get to the info they want, they must not bypass the security technology.
Purely technological solutions to largely human problems are very seldom effective. The core issue here is not the kit or the security policy, it is that we are all just numbers to the bureaucrats and petty officials that seem to have access to every aspect of our lives these days. While they look at us as sheeple to be counted and filed, rather than human beings with hopes and dreams of our own, they will not take the requisite care of the wealth of highly personal information they have access to.The big question is how do you persuade these arrogant pen pushers that we are not theirs to command and shuffle at will, but that they are our servants; that they are given an almost sacred trust when handed access to our innermost private information.
Fix that one and we'll all be eternally grateful !!