Wigan at the heart of another data loss scandal

Local newspapers in Wigan are reporting another breach of data security at the Metro council, just months after a major breach saw the loss of personal records relating to approximately 43,000 children in the borough.

At the time of the previous data security breach in September 2009, Council chiefs said they had signed an Undertaking, and confirmed, 'The organisation will take a number of steps to improve data security.'

According to this week's reports, personal details of over 200 disabled people living in the Metro area of the city have been lost when an unencrypted memory stick went missing; however, council officials are yet to confirm the data was lost on a train. Whilst financial details and addresses of the individuals are understood not have been on the stick, names, dates of birth, ethnicity, type of disability, some national insurance numbers, plus employment details apparently were.

Chris McIntosh, CEO of hardware encryption specialist Stonewood, had the following to say on the subject: 'That the data involved was stored on an unencrypted memory stick in defiance of Wigan Council's own guidelines shows that more education of its employees is needed. While Wigan council states that all personal data on council laptops must be encrypted, evidently without rigorous enforcement of its own rules these incidents will continue to happen.'

'Organisations need to encrypt their data at all times, whether it is on a central computer, a laptop or a memory stick: in this way, they can be certain that, even if the data is lost, it can't be used for malign purposes. It is good to see that Wigan Council is now extending its encryption programme, but sad that its hand was forced by these two incidents.'

"The ICO takes breaches of individuals' privacy very seriously. Any organisation which processes personal information must ensure that adequate safeguards are in place to keep that information secure. This is an important principle of the Data Protection Act," an ICO spokesperson commented to PublicTechnology.net. "This is the second time that a breach involving personal data at Wigan Council has been reported to us. We will be looking into how this data breach occurred and establishing the full facts. If organisations fail to treat people's personal information securely, they risk losing the confidence and trust of the public.'