An undertaking has been signed by Luton Borough Council following two incidents involving inappropriate handling of sensitive personal data. These incidents occurred after the council failed to implement recommendations made by the ICO for mandatory employee training following earlier incidents. The two more recent incidents involved sensitive personal data that was incorrectly handled by social…
Category: Lost or Missing
Boston Public Schools To Change Student ID Cards After Flash Drive with Information Was Lost by Plastic Card Systems
Oops. Via WBUR, we learn of a breach involving Boston Public Schools. Here’s the statement from BPS’s web site: The Boston Public Schools is changing the design of Boston OneCard student ID badges, changing MBTA CharlieCard assignments and is changing library card numbers for students following a vendor’s loss of a flash drive that contained…
Iowa DHS discloses that backup tape with PHI of former patients at Mental Health Institute and state employees is missing
Rod Boshart reports: Iowa Department of Human Services officials issued an alert Wednesday to former patients at the Mental Health Institute in Independence and hundreds of state employees there and at other state facilities concerning a possible breach of their confidential information. Officials say the information was stored on a backup computer tape that went…
Tepco employee loses info on 22 claiming nuclear compensation redress
Everywhere you go, documents are left on public transportation by employees, it seems: Tokyo Electric Power Co. said Friday that one of its employees has lost documents that include the personal information of 22 individuals who have applied for compensation related to the triple-meltdown crisis at its Fukushima No. 1 nuclear plant, adding that this…
UK: ICO fines Glasgow City Council £150K
The Information Commissioner’s Office (ICO) has issued Glasgow City Council with a monetary penalty of £150,000 following the loss of two unencrypted laptops, one of which contained the personal information of 20,143 people. The serious breach of the Data Protection Act comes after the council was previously issued with an enforcement notice three years ago, following a…
IIROC notifies investment firms and clients after device with personal information lost (updated)
From their press release of yesterday: The Investment Industry Regulatory Organization of Canada (IIROC) deeply regrets the accidental loss of a portable device that contained personal information relating to clients of a number of investment firms. IIROC has taken several measures to notify the firms and their clients and to provide them with support services. As soon as…