The ICO has found Sandwell Metropolitan Borough Council in breach of the Data Protection Act after an unencrypted memory stick was lost by an employee. The memory stick, which was not password protected, contained sensitive personal information relating to four families, including why children were taken into care or made subject to a Child Protection Plan.

Alison Fraser, Chief Executive of Sandwell Metropolitan Borough Council has agreed to ensure that portable and mobile devices including laptops and other portable media used to store and transmit personal data are encrypted. Staff will be appropriately trained and made aware of the policy for the storage and use of personal information.

Sally-Anne Poole, Head of Enforcement at the ICO, said: 'It is vital that personal information, the loss of which could cause damage or distress to individuals, is handled securely, particularly in the case where the information is sensitive and relates to children. I am pleased that the council has taken remedial action to improve data security.'