Oldham school breaches Data Protection Act

gallery

An unencrypted laptop stolen from the boot of a teacher’s car has led to the Information Commissioner’s Office (ICO) getting on the case of a school in Oldham.

The teacher from Freehold Community School left the laptop in a car overnight when parked at home, allowing personal data - including names and dates of birth - of 90 pupils to get into the wrong hands and going against the policy set in place.

However, the ICO said the policy to not keep storage devices in cars away of school premises wasn’t strong enough, as the school admitted it was unaware it needed to encrypt portable equipment.

“It is vitally important that organisations take the necessary precautions to ensure that people’s personal information remains secure,” said acting head of enforcement at the ICO, Sally-Anne Poole.

“The fact that the school was unaware of the need to encrypt the information stored on their laptop shows that many organisations continue to process personal information without having the most basic of security measures in place.”

Yet again though, the ICO has not imposed a monetary fine on the organisation, with a spokesperson telling IT PRO the breach “did not meet the criteria included on our monetary penalty guidance.”

Instead the head teacher of the school, Joyce Willetts, has been made to sign an undertaking to ensure all equipment in the future will be encrypted and teachers will be properly trained in technology security issues.

This week a freedom of information request (FoI) revealed the ICO fined less than one per cent of organisations who breached the Data Protection Act. Out of 2,565 cases referred to them, it only took action over 36 and fined just four.

However, deputy commissioner David Smith told the InfoSec 2011 conference the figures were false and claimed the number of cases reported was much lower.

Email to a friend

Print this page