Five more councils breach Data Protection Act

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.guardian.co.uk/government-computing-network/2012/feb/10/data-breach-ico-five-councils

Information Commissioner's Office censures Basingstoke & Deane,
Brighton & Hove, Dacorum, Bolton and Craven councils for data breaches

The Information Commissioner's Office has found that five local
authorities have breached the Data Protection Act by failing to
protect personal information about citizens.

Basingstoke and Deane borough council breached the Data Protection Act
on four times over two months in 2011. In one incident, which occurred
in May, an individual was mistakenly sent information relating to 29
people who were living in supported housing.

The council has since signed an undertaking committing it improving
its handling of private information.

In July last year a member of staff at Brighton and Hove council
emailed personal details about another council employee to 2,821
council workers. The ICO said that in the previous year a "third
party" had informed it about the theft of an unencrypted laptop
belonging to the council from the home of a temporary employee.

Brighton and Hove has now given a commitment to ensure that the
personal information they process is secure, including making sure
that all portable devices used to store personal data are encrypted.

According to the ICO, similar undertakings have also been signed by
Dacorum borough council, Bolton council and Craven district council.
It has also issued an enforcement notice to Staffordshire county
council over its mishandling of a subject access request.

Information commissioner Christopher Graham said: "At a time when
councils are increasingly working with community partners, when data
is shared it is vital that they uphold their legal responsibilities
under the Data Protection Act. Failures not only put local residents'
privacy at risk, but also mean that councils could be in line for a
sizeable monetary penalty.

"We must also consider the detrimental impact these breaches continue
to have on the individuals affected. Disclosing details about
someone's social housing status can be upsetting and damaging for
those affected. To help tackle this issue I've submitted a business
case to the government to ask for them to extend my compulsory audit
powers."
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/