ICO issues more fines for unencrypted laptops

The Information Commissioner (ICO) has fined both Ealing and Hounslow Councils for failing to encrypt laptops used by home workers which contained personal data.

Ealing Council operates an out of hour’s service on behalf of both itself and Hounslow council, which is supported by nine home workers. The home workers are issued laptops from Ealing council to carry out their work which involves recording personal data of clients who use the service. Two laptops, which contained personal data of 1,700 individuals (1,000 pertaining to Ealing Council and 700 to Hounslow Council), were stolen from the home of one of the home workers.

The laptops were password protected but they were unencrypted which is in breach of both council’s policies. Although there is no evidence to suggest that any of the data has been used inappropriately, the ICO viewed this breach as a significant threat to the privacy of the clients.

Ealing Council was fined £80,000 for issuing an unencrypted laptop in beach of its own policy whilst £70,000 was deemed appropriate for Hounslow Council for failing to have a written contract in place with Ealing Council.

The affected individuals were contacted following the breach.

These recent fines bring the total number of monetary penalties issued by the ICO using his new powers to four, three of these being for unencrypted laptops. It is important for organisations to note that password protection is not considered sufficient to protect personal data held on laptops or indeed other mobile media devices.

Comments are closed.