Phoenix Nursery School in Wolverhampton ran afoul of the Data Protection Act when an unencrypted backup tape containing names and addresses of 70 pupils and their parents or guardians was stolen, the Information Commissioner’s Office (ICO) said today. The tape also contained a small amount of information relating to the health of several pupils.
According to a statement from the school, the backup tape and its supporting device were located in the school’s office, which was kept locked when not in use. The disappearance was noted when staff went to rotate the backup device with a second backup device as part of a weekly routine.
No other items were missing and there was no sign of forced entry. Despite numerous searches, both in the office and around the school, the device was not recovered. The school subsequently contacted all parents and guardians affected by the incident to advise them accordingly.The device has never been recovered.
The loss was reported to the ICO on April 5, 2011.
The school has now agreed to improve their procedures for handling personal information and will make sure their staff are trained on how to follow them.