Charities breached data rules over unencrypted computer thefts

Sheffield-based charity Asperger’s Children and Carers Together (ACCT) and Nottingham-based charity Wheelbase Motor Project both breached the Data Protection Act by failing to encrypt computers that contained sensitive information relating to young people, the Information Commissioner’s Office (ICO) said today.

Both incidents occurred when the devices were stolen.  Asperger’s Children and Carers Together reported the breach after an unencrypted laptop, containing personal data relating to 80 children who attended its sessions, was stolen from an employee’s home in December last year.

The laptop was being used to store medication information as well as children’s names, addresses and dates of birth.

Wheelbase Motor Project also reported the breach after the theft of an unencrypted hard drive from the charity’s offices. The device contained personal information relating to 50 young people and included some details about past criminal convictions and child protection issues.

Acting Head of Enforcement, Sally-Anne Poole said:

“The ICO’s guidance is clear – any organisation that stores personal information on a laptop or other portable devices must make sure that the information is encrypted. Information about young people’s medical conditions or criminal convictions is obviously sensitive and should have been adequately protected.”