Personal records held on laptops and portable storage should be encrypted at all times the Information Commissioner’s Office (ICO) has said after two educational organisations lost computers containing unsecured data.
In the first incident from earlier of this year, an employee of the Association of School and College Leaders (ASCL) had a laptop containing details of 100 union members stolen during a burglary, while in the second a laptop full of pupil data was lost from Holly Park School in Barnet.
The school in question turned out not have a data security policy that mandated the use of encryption while the ASCL did have such a policy but left its implementation up to employees.
“The ICO’s guidance is clear: all personal information – the loss of which is liable to cause individuals damage and distress - must be encrypted,” said the ICO’s acting head of enforcement, Sally Anne Poole.
“This is one of the most basic security measures and is not expensive to put in place - yet we continue to see incidents being reported to us. This type of breach is inexcusable and is putting people’s personal information at risk unnecessarily,” she added.
Both organisations have undertaken to correct the Data protection Act lapses with encryption being applied to all portable storage devices in addition to laptops.