UK: Charities breached data rules over unencrypted computer thefts
The ICO issued the following press release:
Sheffield-based charity Asperger’s Children and Carers Together (ACCT) and Nottingham-based charity Wheelbase Motor Project both breached the Data Protection Act by failing to encrypt computers that contained sensitive information relating to young people, the Information Commissioner’s Office (ICO) said today. Both incidents occurred when the devices were stolen.
Asperger’s Children and Carers Together reported the breach after an unencrypted laptop, containing personal data relating to 80 children who attended its sessions, was stolen from an employee’s home in December last year. The laptop was being used to store medication information as well as children’s names, addresses and dates of birth.
Wheelbase Motor Project also reported the breach after the theft of an unencrypted hard drive from the charity’s offices. The device contained personal information relating to 50 young people and included some details about past criminal convictions and child protection issues.
Deborah Woodhouse, Director and Co-Founder of ACCT, has signed an undertaking to ensure that all portable and mobile devices used by the charity to store personal data will be encrypted. The charity has also agreed to update its existing policies and procedures for the storage and use of personal data and will make sure that its staff receive appropriate training on how to follow them.
Michael Clifford, Chief Executive Officer of Wheelbase Motor Project, has signed an undertaking confirming that the organisation will encrypt all portable and mobile devices used to store sensitive personal information. The organisation will also ensure that their policy and procedures on the handling of personal information are successfully communicated to staff and monitored accordingly.