Laptop theft leads information watchdog to act against Scottish council

Written by Colin Marrs on 3 May 2016 in News

The information watchdog has threatened a council with court action unless it implements data protection training and guidance.

West Dunbartonshire Council has been repeatedly warned by the Information Commissioner’s Office about introducing staff training, and has been advised to put in place a policy around home working.

However, its failure to do so has been linked to an incident where details of an adoption case were lost after an employee had a laptop and paperwork stolen from their car overnight.

Related content

Department for Education axes school spelling test after it was leaked online
Cybersecurity in the Government: Managing the ongoing challenge of insider threats

Ken Macdonald, assistant information commissioner for Scotland, said: “Time and time again we have told this council to make these changes, and yet they have still not completed everything we set out. We’ve been left with no choice but to issue this formal notice requiring them to act.

“Let’s be clear, what we’re asking for here is a basic requirement for an organisation that is trusted with large amounts of local people’s personal data. When people in Dunbartonshire provide the council with their details, they expect staff are trained to handle this information properly.

“Unfortunately, more than three years after this was made clear to the council, this still hasn’t happened.”

The ICO carried out an audit of the council in January 2013 which gave a reasonable assurance of the council’s compliance with the law, but recommended areas needing improvement.

However, a follow-up audit in November that year found that some recommendations had still not been implemented.

When the laptop and paperwork were stolen in July 2014, it turned out that the employee had not been given training on the Data Protection Act. However, the council avoided a fine at that time because the breach did not cause substantial damage or distress.

Share this page



Please login to post a comment or register for a free account.

Related Articles

Nuclear clean-up agency seeks £2m-a-year partner to help improve cyber-resilience
11 May 2022

Specialist firm sought to help identify areas where security could be bolstered

Boardrooms ‘lack understanding of cybersecurity’, government report finds
5 May 2022

An annual study has identified core technical and incident-response skills gaps

Researchers detect ‘multiple spyware infections’ of Downing St and FCDO since 2020
19 April 2022

Canadian academics claim that attack on No. 10 using Pegasus software was launched from the UAE

Information commissioner: ‘Many cyber issues are preventable’
13 April 2022

Head of data watchdog urges public bodies to ensure ‘vigilance’ after revealing that successful phishing attacks represent an increasing number of cyber incidents