Rochdale Metropolitan Borough Council has become the latest local authority to be named and shamed after it lost an unencrypted memory stick that contained the details of 18,000 residents. According to ComputerWeekly.com, the Information Commissioner’s Office (ICO) has found the council in breach of the Data Protection Act but is not enforcing a monetary penalty because the information held on the USB device was not enough to cause substantial distress to individuals in the community.
Although the information was mostly already publicly available, this breach is further proof that these security risks are genuine and that organisations everywhere need to take real steps to prevent this type of loss from reoccurring. The ICO found that like many other companies and organisations, Rochdale did not have adequate security, like encrypted memory sticks, or data protection training for its staff. And these measures are just the bare minimum of what should be done.
This time, Rochdale has been lucky. But as these breaches become more common and the ICO has more tools at its disposal, organisations should evaluate how they protect electronic personal information.