7 June 2013
20 143 individuals information has been compromised following the loss of two laptops containing unencrypted information belonging to Glasgow City Council. The laptops were stolen on 28 May 2012.
The personal information on the laptops included the council’s creditor payment history files of over 20 000 people as well as bank account details of over 6000 individuals.
Glasgow City Council had been warned previously, three years prior, following a breach where by an unencrypted memory stick was lost.
After an investigation by the ICO, it has been discovered that of the laptops supplied to the staff at the Council, 74 laptops are unaccounted for and six laptops are known to have been stolen. There is no record of the information held on the 74 laptops and they have never been recovered.
Following the enforcement notice in 2010 the Council have continued with their poor practices, neglecting to follow the regulations of the Data Protection Act and neglecting to secure the information that they hold and are responsible for. The penalty of 150,000 is well deserved.
It is of pronounced importance that information is kept secure. Through the use of the Galaxkey encryption technology this could have been easily avoided.
The ICO encourage the use of encryption software and further details on the ICO approach to encryption can be seen on the ICO website: