Home : Public Sector : News

Manchester Council rapped for data breach

The Information Commissioner has rapped the authority after the loss of laptops containing the details of 1,754 school-based staff.

By Miya Knights, 23 Jun 2009 at 11:16

gallery

The Information Commissioner’s Office (ICO) has found Manchester City Council in breach of the Data Protection Act (DPA) following the loss of two laptops computers from its Town Hall last October.

The two laptops – one of which contained personal details relating to 1,754 employees at local schools – were not data encrypted, password-protected or secured to the desks they were stolen from last October.

As a result, the ICO said that Sir Howard Bernstein, Manchester City Council's chief executive, has signed a formal Undertaking to ensure all laptops and other removable devices are encrypted and secured to desks or locked away.

The Undertaking also mandates that the authority ensures only essential personal information is downloaded to mobile devices.

In agreeing to with the seventh data protection principle – that personal information is secure – Sally-Anne Poole, head of enforcement and investigations at the ICO, added that the council has agreed that it should handle all personal information, including employment details, in compliance with the DPA.

She also stated: “We urge all councils and their executive teams to take responsibility for treating data protection as a corporate governance issue affecting the entire organisation. They have to make sure that safeguarding the personal information of their staff is embedded in their organisational culture.”

Poole said Manchester City Council had recognised the seriousness of this data loss and has agreed to take immediate action.

It has also agreed to implement an improved training programme, including regular refresher training for all staff. And the ICO said any failure to meet the terms of the Undertaking is likely to lead to enforcement action.