PogoWasRight.org

Menu
  • About
  • Privacy
Menu

UK council fined £70,000 for losing highly sensitive data

Posted on May 16, 2012 by pogowasright.org

From the Information Commissioner’s Office:

The London Borough of Barnet has been issued with a penalty of £70,000 for losing paper records containing highly sensitive and confidential information, including the names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children or young people.

The loss occurred when a social worker took the paper records home to work on them out of hours. The social worker’s home was burgled in April last year, and a laptop bag, containing the records and an encrypted computer, was stolen.

The ICO’s investigation found that the council failed to take appropriate organisational measures against the accidental loss of personal data held on paper records. Although the council had an information security policy and some guidance for staff on handling sensitive papers, the measures failed to explain how the information should be kept secure.

Today’s penalty comes after the council signed an undertaking in June 2010 following an earlier incident, during which an unencrypted device containing personal data was stolen from an employee’s home. While the council later introduced a paper handling policy following the undertaking, this policy was not in place at the time of the second loss.

Simon Entwisle, the ICO’s Director of Operations, said:

“The potential for damage and distress in this case is obvious. It is therefore extremely disappointing the council had not put in place sufficient measures in time to avoid this second loss.

“While we are pleased that Barnet Council has now taken action to keep the personal data they use secure, it is vitally important that organisations have the correct guidance in place to keep sensitive paper records taken outside of the office safe. This includes storing papers containing sensitive information separately from laptops.”

View a copy of the monetary penalty

Category: BreachesNon-U.S.

Post navigation

← Ca: Top court to decide if data on work computer is private
EPIC.org: FAA Revises Drone License Procedures, Privacy Petition Still Pending →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • FTC dismisses privacy concerns in Google breakup
  • ARC sells airline ticket records to ICE and others
  • Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations
  • US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car
  • Google agrees to pay Texas $1.4 billion data privacy settlement
  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed

RSS Recent Posts on DataBreaches.net

  • International cybercrime tackled: Amsterdam police and FBI dismantle proxy service Anyproxy
  • Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
  • N.W.T.’s medical record system under the microscope after 2 reported cases of snooping
  • Department of Justice says Berkeley Research Group data breach may have exposed information on diocesan sex abuse survivors
  • Masimo Manufacturing Facilities Hit by Cyberattack
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy