Cambridgeshire council loses unencrypted memory stick

The unencrypted memory stick was lost by a council employee and contained sensitive information relating to vulnerable adults. A minimum of six individuals were affected by the loss, said the ICO. Data on the stick included case notes and minutes of meetings about the individuals' support and was saved on an unapproved device. It was used to store information after the member of staff had problems using an encrypted memory stick which the council had previously provided. The breach was reported to the ICO by the council in November 2010 and occurred shortly after Cambridgeshire had undertaken an internal campaign to promote its encryption policy. As part of the policy, employees were asked to hand in unencrypted devices and were warned about the importance of keeping personal information secure. Cambridgeshire has signed a formal undertaking to ensure that all portable devices used by staff are encrypted using appropriate software that meets the current standard. It has also agreed to carry out regular monitoring of its data protection policies and IT security measures. Sally Anne Poole, enforcement group manager at the ICO, said: "While Cambridgeshire county council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check that their data protection policies are continually followed and fully understood by staff. "We are pleased that Cambridgeshire has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed." This article is published by Guardian Professional