ICO raps Stoke for placing sensitive information on children "at unnecessary risk"

The Information Commissioner’s Office has urged local authorities to put in place appropriate measures when handling sensitive information, particularly when it relates to the care of vulnerable children.

The call was made after Stoke-on-Trent City Council lost a USB memory stick containing sensitive personal information on 40 children in care.

The council has since given the ICO an undertaking that it will improve the security of personal data held on portable media devices.

The watchdog said it had been made aware of the breach of the Data Protection Act after the memory stick was found by a member of the public, before being returned to the council.

The stick – which included court reports and details of care proceedings – was neither encrypted nor password protected.

The ICO acknowledged that there was a legitimate reason for the information being saved on the USB stick. However, it said Stoke had placed the information “at unnecessary risk” in failing to take adequate steps to protect it.

Sally Anne-Poole, enforcement group manager at the ICO, said: “When handling sensitive personal information, particularly information relating to the care of vulnerable children, it is important that authorities ensure the necessary measures are in place to protect this information.

“This incident occurred before 6 April so the powers now available to the Information Commissioner to issue penalties of up to £500,000 for serious breaches of the Data Protection Act, could not be considered.”

Stoke has also agreed to make staff fully aware of the council’s policy for the storage of personal data and to ensure they receive appropriate training on data protection and IT security issues.