Wigan Borough Council in Lancashire has been criticised by the Information Commissioner’s Office (ICO) after it revealed that a laptop stolen from a locked office contained the personal details of 43,000 school pupils.
The data had been downloaded to a laptop by a staff member, and was unencrypted.
The ICO’s head of enforcement, Sally-Anne Poole, said although the Council had a data protection policy prohibiting the transfer of sensitive information to mobile devices, there were no obstacles to prevent staff from doing so.
“This incident could have been averted if the data was simply accessed from the main council computer network,” she said. “Storing large volumes of personal information on portable devices is unnecessarily risky.”
Wigan Council’s chief executive Joyce Redfearn signed an undertaking to encrypt data on portable devices in the future, while staff would receive additional training.