Insufficient data protection and encryption leaves local council data vulnerable to misuse.
Middlesbrough Council has lost nine laptops containing sensitive case files on up to 63 vulnerable children and their families after a break-in at its premises. Previously used by social workers, the laptops were protected with passwords and some encryption. The Council has since stated that it would contact the individuals most at risk.
Jamie Cowper, Director of Marketing EMEA at data protection expert PGP Corporation, has made the following comments:
“While this theft may have been entirely opportunistic, with the laptops already sold on, Middlesbrough Council now has to publicly justify itself because there’s still the risk that the sensitive data they contain could fall into the wrong hands. And though it appears that some attempt has been made to protect the data, the fact that they can’t say for sure exactly how strong that protection is will hardly inspire confidence in the parents of the children affected.
We see this ad hoc approach to data protection repeated again and again in both the public and private sector, but it really must stop. At the very least, organisations should be looking to invest in a robust, managed encryption solution so that if hardware does go missing, they’ll at least be able to rest assured that the data on board stays protected and safe.”
