- Kable, Monday 21 December 2009 11.06 GMT
The department has been made to sign a formal undertaking to improve data security after it had 12 laptops stolen, two of which contained personal data on approximately 37,000 people. This included payroll, employment and health data, although not all records contained these categories.
The ICO said this amounted to a breach of the Data Protection Act (DPA). Assistant information commissioner Mick Gorrill said: "This was a major data security breach involving many thousands of people's personal information. Storing large volumes of personal information on portable devices is unnecessarily risky."
The ICO has also found Shropshire Council to be in breach of the DPA following the loss of an unencrypted memory stick containing sensitive information relating to a large number of adult social care clients and members of staff.
It contained a social care management database and was lost during a postal transfer from the council's office to a contractor in Cardiff. The ICO also said the records were excessive for their purpose and out of date.
The council has had to sign an undertaking to ensure databases only contain relevant and up to date information, and that it is only transferred to portable devices when absolutely necessary.
Staff
You have characters left
Please read our community standards.
Closing this window without pressing "Post your comment" will result in your words being lost.
Are you sure?
Thank you for your comment. This has been submitted for moderation.
Your comment has been successfully posted.
Sorry, something has gone wrong and this action cannot be completed. Please try again later.