Criticism over county's lost data

SENSITIVE personal information relating to an unidentified number of children and families in West Sussex has been lost, leading to a breach of the Data Protection Act, West Sussex County Council was told at a meeting on Friday.

The issue was raised by Cllr Morwen Millson, who said that not everything had been done to ensure that personal data was secure.

She was referring to recent criticism of the county council by the Information Commissioner relating to the breach and loss of personal information after a laptop was stolen from a home worker in a burglary.

Hide Ad
Hide Ad

"Can the leader confirm whether she agrees with me that despite my receiving a categorical assurance in 2008 that everything possible has been done by the council to ensure people's data is secure, this has clearly not been the case?" Cllr Millson demanded.

Cllr Millson also asked for an explanation why, despite having encrypted removable media available for staff, no measures were put in place to ensure their use - and for details of action taken to ensure staff already issued with laptops had had adequate formal data protection/IT security training.

Leader Cllr Louise Goldsmith warned the council that new developments in technology needed 'constant vigilance' and higher levels of data protection to be achieved.

Cllr Goldsmith explained that in this case, a laptop was stolen from a home worker in a burglary. The data was password protected, but this particular laptop had not been identified as requiring any higher level of encryption.

Hide Ad
Hide Ad

"There is, however, a renewed commitment to extend and accelerate the encryption programme," she told the council.

In 2008, the council's focus was on ensuring equipment likely to hold sensitive information was made secure.

"As a result of this latest case, the county council will no longer rely on identifying these 'by exception' but instead encrypt all laptops," said Cllr Goldsmith.

The broader issue of 'removable media' such as memory sticks had been addressed, and all employees had been instructed to use only encrypted sticks provided by the council.

Hide Ad
Hide Ad

The watchdog, ICO, found that personal information about an unknown number of children involved in childcare proceedings was taken from the home of an employee. The laptop was unencrypted and inquiries revealed that the employee had received no formal training on data protection or IT security.

Read the full report in the West Sussex Gazette.