View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 28, 2011

ICO criticises Newcastle Youth Offending Team over DPA failure

Unencrypted laptop was stolen from contractor's home

By Steve Evans

The Information Commissioner’s Office (ICO) has rapped the Newcastle Youth Offending Team after an unencrypted laptop was stolen, potentially compromising the personal details of 100 young people.

The incident occurred in January this year when a laptop was stolen from the Northumbria home of a contractor who had been working on a youth inclusion programme on behalf of the Team.

The Newcastle Youth Offending Team had failed to encrypt the laptop. The data on it contained names, addresses, dates of birth and the names of the schools the young people attended, the ICO said.

The ICO found that although the Newcastle Youth Offending Team had a contract in place with the contractor it failed to ensure that its employees were complying with necessary security measures.

The organisation has agreed to take reasonable steps to ensure all data processors contracted to act on its behalf comply with the Data Protection Act. It will also ensure all portable and mobile devices, including laptops, are encrypted

Sally-Anne Poole, acting head of enforcement at the ICO, said: "Encryption is a basic procedure and an inexpensive way to ensure that information is kept secure. But, to their detriment, not enough data handlers are making use of it."

"This case also highlights how important it is to ensure that watertight procedures are in place before any work is undertaken by contractors," she added. "Organisations shouldn’t simply assume that third parties will handle personal data in line with their usual standards. I’m pleased that Newcastle Youth Offending Team has learned lessons from this incident and hope that it encourages others to heed our advice."

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Chris McIntosh, CEO ViaSat UK, added: "In light of MPs’ desire to see jail time for those dealing in stolen data, both the public and private sector must ensure that the data in their care is fully protected and that users are completely aware of the procedures and risks involved."

"As vital tasks become shared across more and more organisations, it is imperative that bodies such as city councils and youth offending teams control not only their own data protection policies but also those of any contractors. Indeed, data security should form a key part of any contract that is signed and should be monitored rigorously with failure to comply being met with hefty penalties. Otherwise, contractors that show a flagrant disregard for security will be a continuing weak link for a public sector desperately improving its data protection," he added.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU