London Borough of Sutton has agreed to take action to comply with data security requirements and has signed an Undertaking to assure the Information Commissioner’s Office (ICO) that personal data will be kept securely in future.
The ICO has found London Borough of Sutton in breach of the Data Protection Act after several data security incidents. These included the loss of a paper file which contained personal data relating to 73 individuals receiving social care and the theft of two unencrypted laptops. One laptop contained social care data of 39 individuals and the other contained information relating to nine children being taught by a teacher employed by the council. A package of documents also went missing when a courier used by the council left it with the recipient’s neighbor.
Paul Martin, Chief Executive of London Borough of Sutton has agreed to ensure that portable and mobile devices, including laptops and other portable media used to store and transmit personal data are encrypted. Furthermore, the Borough has agreed to ensure security measures are adequate to prevent unauthorized and unlawful processing, accidental loss, destruction or damage. Staff will also be made aware of, and receive training on, the council’s policy for the storage and use of personal information.
Sally-anne Poole, Head of Enforcement & Investigations at the ICO, said: “It is vital that personal data is handled securely. This is an important principle of the Data Protection Act. I urge all organizations to implement the appropriate safeguards to ensure personal details are stored and processed securely. I am pleased with the remedial action the London Borough of Sutton has agreed to undertake to improve data security.”