From the press release (pdf) from the Information Commissioner’s Office:
The Information Commissioner’s Office (ICO) has found Manchester City Council in breach of the Data Protection Act after the theft of two laptop computers from the Town Hall, one of which contained personal details relating to 1,754 employees at local schools. Neither of the laptops was encrypted nor were they secured to the desks.
A formal Undertaking has been signed by Sir Howard Bernstein, Chief Executive of Manchester City Council. The council must ensure all laptops and other removable devices are encrypted and secured to desks or locked away. The council will also ensure that only essential personal information is downloaded to mobile devices.
Sally-anne Poole, Head of Enforcement & Investigations at the ICO, said: “One of the stolen laptops contained personal details on members of staff in local schools from the Manchester area. The council should handle all personal information, including employment details, in compliance with the Data Protection Act. Organisations must implement appropriate safeguards to ensure personal details are handled securely and do not fall into the wrong hands.
“We urge all councils and their executive teams to take responsibility for treating data protection as a corporate governance issue affecting the entire organisation. They have to make sure that safeguarding the personal information of their staff is embedded in their organisational culture.
“The Data Protection Act clearly states that organisations must take appropriate measures to ensure that personal information is kept secure. Manchester City Council recognises the seriousness of this data loss and has agreed to take immediate action. It has also agreed to implement an improved training programme, including regular refresher training for all staff.”
Failure to meet the terms of the Undertaking is likely to lead to enforcement action by the ICO.
A copy of the Undertaking can be downloaded from http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx.