This article is also available in:
Deutsch: ICO geht gegen Verluste persönlicher Daten in Großbritannien vor
After UK Information Commissioner's Office (ICO) has found Wigan schools in breach of the Data Protection Act following a theft of a laptop with personal information on about 43 000 children and young people, the Wigan council has agreed to sign an Undertaking to take the necessary measures to comply with the law.
The stolen laptop was stored in a locked office but it was not encrypted and the data on it was not protected. By signing the Undertaking, the Wigan Council has agreed to ensure the encryption of all portable and mobile devices, including laptops used to store and transmit personal data. The commitment includes the training of the staff regarding the data storing policy and the obligation of the staff to adhere to that policy. Additional appropriate data protection measures will also be implemented.
This is just one of the many cases of personal data losses during the last few years in UK and Ireland. In the case of August 2008 of the loss by PA Consulting of a memory stick containing personal data on prison population and offenders, it has come out that the amount of lost data was much higher than first stated.
Through its Resource Account for 2008-2009, the Home Office has admitted the lost device was not containing data on 127 000 people as initially believed but actually it contained data on about 377 000 people, the additional 250 000 being data on users of the Drug Interventions Programme. These users are recorded only by their initials, rather than their full names, thus the personal data being limited in nature.
The Information Commissioner Christopher Graham has also expressed his opinion that the courts and the Parliament are to blame for the leakage of personal information that was discovered during an investigation carried out by ICO's Motorman into the activities a private investigator's activities.
The investigation has revealed 17 500 requests from about 400 journalists to the private investigator for private information on political personalities, celebrities or security personnel. The information thus obtained was used by the journalists to publish various articles based on it.
Graham said that to obtain and sell personal data without permission as well as to publish stories based on the data obtained by deception was in breach of the Data Protection Act which says that organisations must guard against unlawful data processing. He reminded the House of Commons Select Committee on Culture, Media and Sport, that the ICO already revealed the problems of the trade in personal data in 2006, in a report "What Price Privacy Now?", but that no action had been taken by the authorities.
"We were let down by the courts, who didn't seem to be interested in levying even the pathetic fines they had at their disposal; we were rather let down by parliament in the end, with no legislation; and we were let down by the newspaper groups, which didn't take it seriously," said Graham.
ICO Press Release - Wigan Council improves security after details on most
school children are stolen (2.09.2009)
http://www.ico.gov.uk/upload/documents/pressreleases/wigan_020909_fina...
Home Office coughs to larger data loss (28.08.2009)
http://www.theregister.co.uk/2009/08/28/home_office_data_loss/
Drug records added to data loss (26.08.2009)
http://www.kable.co.uk/home-office-data-loss-26aug09
Courts and Parliament 'let us down' on personal data trade, says privacy
watchdog (2.09.2008)
http://www.out-law.com/page-10349
Data Protection Act 1998 - Undertaking by Wigan Council as data controller
http://www.ico.gov.uk/upload/documents/library/data_protection/notices...
Home Office Resource Accounts 2008-09 (21.07.2009)
http://www.official-documents.gov.uk/document/hc0809/hc04/0466/0466.pd...
EDRI-gram: UK Watchdog asks the European Commission to adopt security breach
law (10.09.2008)
http://www.edri.org/edrigram/number6.17/ncc-security-breach-law