• Government departments speed up FOI response times – but six new public authorities told to improve
  The Information Commissioner has today welcomed improvements by the Ministry of Defence (MoD) and the Cabinet Office in their response times to freedom of information (FOI) requests. But, six more public authorities, including the Welsh Government, have been required to sign undertakings committing them to speeding up the time it takes to respond to requests.

• Scottish charity signs ICO undertaking following personal data theft
  A Scottish charity – based in Glasgow – breached the Data Protection Act after two unencrypted memory sticks and papers containing the personal details of up to 101 individuals were stolen from an employee’s home.

• University published personal data in online training manual
  Durham University breached the Data Protection Act after disclosing personal information in training materials published on its website, the Information Commissioner’s Office (ICO) said today.

• Letting agent unlawfully tried to access tenant’s benefit details
  A letting agent who unlawfully tried to obtain details about a tenant’s finances from the Department for Work and Pensions (DWP) has been found guilty of an attempt to commit an offence under section 55 of the Data Protection Act and the Criminal Attempts Act.

• Council fined for serious email disclosure
  Cheshire East Council has been ordered to pay a monetary penalty of £80,000 for failing to take appropriate measures to ensure the security and appropriateness of disclosure when emailing personal information, the Information Commissioner’s Office (ICO) said today.

• Councils fined for serious data breaches
  The ICO has served monetary penalties totalling £180,000 to two councils for failing to keep highly sensitive information about the welfare of children secure. These latest penalties bring the total amount served by the ICO to organisations found in serious breach of the Data Protection Act to over one million pounds.

• ICO statement on Devolution minutes
  The ICO has published a response to the government’s decision to veto disclosure of minutes from the Cabinet Committee on Devolution.

• Plain English Guide to FOI launched
  The Information Commissioner has today published a new plain English Guide to Freedom of Information to help public authorities better understand what the Act says and how to apply it. The guide takes a straight-forward look at the law and explains in simple terms what organisations need to do to comply, including how to respond to requests and deciding what information they should routinely publish.

• Too many consumers being denied access to their information, says ICO
  Too many consumers are being denied the right to access the information that companies or public bodies hold about them, Information Commissioner, Christopher Graham, said today.

Praxis Care Limited lost the unencrypted material last August but the details have just emerged.

A care provider has lost a memory stick that held sensitive personal information about 53 people from Northern Ireland.

Praxis Care Limited lost the unencrypted material last August but the details have just emerged.

The company has been found to be in breach of the Data Protection Act and has been ordered by the Information Commissioner to improve its procedures.

All of those whose information was on the memory stick have been informed.

It was lost on the Isle of Man and also contained information about 107 people who live on the island.

Some of the information on the memory stick related to patients’ care and mental health.

The company now ensures all portable devices are encrypted and has updated its method of disposing of sensitive material.

Christopher Graham, the UK Information Commissioner, said: “Carrying people’s personal information around on an unencrypted memory stick is clearly unacceptable.

“The fact that some of the personal details stored on the device were out of date and so surplus to requirements makes this breach all the more concerning.

“The ICO will continue to work closely with other data protection regulators where it is clear that a data breach extends across national boundaries.”

In a statement, Praxis Care said: “Praxis Care can confirm it has agreed with the Information Commissioner measures to improve data security following the loss of service user information in August 2011 on the Isle of Man.

“The main element of the undertaking confirms the measures taken shortly after the incident to encrypt data and improve data handling.

“The data loss was promptly reported to the relevant authorities including the Information Commissioner. All service users affected were informed of the details of the lost information and received an apology from Praxis Care.

“Praxis Care is confident that the measures taken will greatly reduce the risk of future information loss.”

Note from the editor: Ensuring your portable data is encrypted is very simple and extremely cost effective. Consider the time / costs of having to inform all concerned and the potential of hefty fines from the ICO against the cost of a few IRONKEYS. Also, organisations should consider the potential damage to their reputation which could far exceed the cost of data breach remediation.

BACK to IRONKEY NEWS