The Association of School and College Leaders (ASCL) breached the Data Protection Act in May 2011 when a laptop - containing sensitive personal data - was stolen from an employee’s home in Yorkshire. The ICO’s enquiries found that, while the laptop had encryption software installed on it, the decision on whether to encrypt individual documents was left to the employee. At the time of the theft the laptop included unencrypted personal information relating to approximately 100 individuals, including details of their membership of the union and in some cases, details of their physical or mental health.
In a similar incident, Holly Park School in Barnet breached the Act when an unencrypted laptop was stolen from an unlocked office at the school on 1 May. The device contained details of pupils’ names, addresses, exam marks and some limited information relating to their health. After investigating the breach the ICO also discovered that the school had no data protection policy in place at the time of the theft.
Two organisations have taken action after they breached the Data Protection Act by failing to encrypt personal information on laptops that were later stolen, the Information Commissioner’s Office (ICO) said today.
