A council has been rapped for failing to protect residents’ private data after the theft of a laptop from a leisure centre.
The Information Commissioner has warned Craven District Council to improve security or risk fines of up to £500,000 for breaking UK data laws.
Christopher Graham’s warning came after the council informed him of the theft of an unencrypted laptop containing a database with child swimming lesson details for 2,300 individuals.
A report by the commissioner’s office said: “The laptop was stolen from a ground level office at the Aireville Swimming Pool, Skipton. This office is protected by several security devices and the police attended the scene within minutes of the office being entered.
“However, the intruder was able to immediately remove the laptop and escape just as the police arrived. This was because the laptop had been left unsecured on a desk in a position where it could be seen from outside the office.”
The report stressed: “The information was not of a nature that would be defined as sensitive personal data in the Act.”
Rather than serve an enforcement notice, Mr Graham has ordered the council to encrypt personal data held on portable and mobile devices and ensure all computers of this type are stored securely when not in use.
Mr Graham said privacy breaches could have a “damaging” impact on individuals.
The council has signed an undertaking to comply with the seventh data protection principle – to ensure that personal information is kept secure in future.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here