DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Council breached Data Protection Act by losing flash drive with unencrypted information

Posted on February 23, 2011 by Dissent

Cambridgeshire County Council breached the Data Protection Act by losing a memory stick containing sensitive data relating to vulnerable adults, the Information Commissioner’s Office (ICO) said today.

The ICO was informed by the council in November 2010 that an employee had recently lost an unencrypted memory stick containing personal data relating to a minimum of six individuals. The information included case notes and minutes of meetings relating to the individuals’ support and was saved on an unapproved memory stick. The device was used to store the information after the member of staff encountered problems using an encrypted memory stick that the council had previously provided free of charge.

The breach occurred shortly after the council had undertaken an internal campaign aimed at promoting its encryption policy. During this time employees had been asked to hand in unencrypted devices and were warned about the importance of keeping personal information secure.

Sally Anne-Poole, Enforcement Group Manager at the ICO, said:

“While Cambridgeshire County Council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff.

“We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed.”

Mark Lloyd, Chief Executive of Cambridgeshire County Council has signed a formal undertaking to ensure that all portable devices used by the council are encrypted using encryption software that meets the current standard. The council has also agreed to carry out regular monitoring of its data protection policies and IT security measures in order to ensure that they are being followed by all staff.

A full copy of the undertaking can be viewed here:
http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx#undertakings

Source: Information Commissioner’s Office

Category: Breach IncidentsGovernment SectorLost or MissingNon-U.S.

Post navigation

← UK: Met called after hackers send obscene emails from university database
CA: Chapman University students’ personal information leaked →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers
  • Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report