Two local authorities in London have been fined by the Information Commissioner’s Office after losing sensitive data of 1,000 citizens.
Ealing Council and Hounslow Council were fined £80,000 and £70,000 by the data regulator respectively, after two laptops containing unencrypted personal data were stolen from an employee’s home.
Interesting Links
ICO issues first ever fines Hertfordshire County Council and recruitment services provider A4e become the first to be fined for data breaches by the Information Commissioner
EU unveils proposed updates to data protection law Proposed revisions to Data Protection Directive include the “right to be forgotten” and standardising enforcement across the Union
The laptops were used by council staff working from home to provide an unnamed out-of-hours shared service on behalf of both West London authorities. The computers contained sensitive data belonging to 1,000 individuals in Ealing and 700 in Hounslow.
Both laptops were password protected, but the data in question was not encrypted, leaving the council in breach of ICO rules. However, the ICO says there is no evidence to suggest any personal data has been accessed.
The monetary fines are the third and fourth that the ICO has imposed so far. In November, it made Hertfordshire County Council £100,000 after the Home County authority faxed sensitive data to the wrong recipients. In the same month, it doled out a £60,000 penalty to training company A4e, when it too misplaced a laptop containing unencrypted personal information.
