Tuesday, June 23, 2009

Manchester Council Breaches UK's Data Protection Act

Via v3.co.uk (formerly vnunet.com) -

Manchester City Council has lost two unencrypted laptops containing personal details on at least 1,754 employees at local schools.

The Information Commissioner's Office (ICO) confirmed that the council had breached the Data Protection Act, and that it will have to conform to higher standards.

Manchester City Council chief executive Howard Bernstein signed a formal undertaking (PDF) that the council will ensure that all laptops and other removable devices are encrypted and secured, and that only essential personal information is downloaded to mobile devices.

Bernstein also promised to implement an improved training programme covering the security of personal information.

"Organisations must implement appropriate safeguards to ensure that personal details are handled securely and do not fall into the wrong hands," said Sally-Anne Poole, head of enforcement and investigations at the ICO, in a statement.

"We urge all councils and their executive teams to take responsibility for treating data protection as a corporate governance issue affecting the entire organisation. They have to make sure that safeguarding the personal information of staff is embedded in organisational culture."

No comments:

Post a Comment