Cambridgeshire County Council breached the Data Protection Act by losing a memory stick containing sensitive data relating to vulnerable adults, the Information Commissioner’s Office (ICO) said today.
The ICO was informed by the council in November 2010 that an employee had recently lost an unencrypted memory stick containing personal data relating to a minimum of six individuals. The information included case notes and minutes of meetings relating to the individuals’ support and was saved on an unapproved memory stick. The device was used to store the information after the member of staff encountered problems using an encrypted memory stick that the council had previously provided free of charge.
Funnily enough, the breach occurred shortly after the council had undertaken an internal campaign aimed at promoting its encryption policy. During this time employees had been asked to hand in unencrypted devices and were warned about the importance of keeping personal information secure.
Mark Lloyd, Chief Executive of Cambridgeshire County Council has signed a formal undertaking to ensure that all portable devices used by the council are encrypted using encryption software that meets the current standard. The council has also agreed to carry out regular monitoring of its data protection policies and IT security measures in order to ensure that they are being followed by all staff.