West Berkshire County Council slammed for second security incident in six months

ICO criticises the council for use of unencrypted, non-password-protected USB stick

Unencrypted, non-password-protected USB stick caused West Berkshire Council data loss

Children’s personal data contained on an unencrypted and non-password-protected USB memory stick has been lost by West Berkshire Council (WBC).

The Information Commissioner’s Office (ICO) said the memory stick contained, among other things, “information relating to the ethnicity and physical or mental health of the children”.

WBC chief executive Nick Carter has signed a formal undertaking to ensure that portable and mobile devices containing personal data are encrypted.

WBC staff will be given appropriate training on data protection and IT security relating to the Data Protection Act.

The ICO found that the unencrypted devices were still being used by WBC, even after the council started using encrypted memory sticks in 2006. It also said its inquiries revealed that WBC staff had not had training in data protection issues and that WBC compliance monitoring policies were found to be inadequate.

This is the second data security incident reported by WBC in six months.