ICO fines councils for data loss

Two local councils in the UK have been issued with large fines by the data security watchdog following the loss of unencrypted laptops.

The UK’s Information Commissioner (ICO) issued Ealing Council and Hounslow Council with fines for breaches of the Data Protection Act.

The two Councils were fined £80,000 and £70,000 respectively after two unencrypted laptops, containing the details of around 1,700 individuals, were stolen from the home of an employee.

The ICO has now issued four fines for data breaches.

Sources say that Ealing Council had in place a data encryption policy but it was not rolled out across the entire organisation.

Mark Fullbrook, information security expert with Cyber-Ark, commented: “It’s good to see the ICO stick to its word and continue to fine those in serious breach of the Data Protection Act.”

“Given both councils chose to ignore the warning signs, it’s quite clear that more needs to be done to ensure that organisations take data protection more seriously. Fines certainly act as a wake-up call to those involved, but education is absolutely essential if staff are to understand the pitfalls that can ensue from poor data protection policies.

Lockton warned in a new whitepaper (attached right) that organisations which prefer not to notify data breaches are living on borrowed time.