IT audit reveals major device loss at Glasgow City Council
Glasgow City Council has lost 750 devices over the last five years according to an IT audit.
According to the Herald, 256 unencrypted laptops and 487 desktop PCs, also thought to be unencrypted, are unaccounted for. These were also lost from an office in the City Chambers which contained about 17,000 bank details. A reported theft in May, which the Information Commissioner is aware of, led to the audit of all the council's IT hardware and revealed that almost 750 devices that are unaccounted for.
The report says that ‘a further nine incidents of theft involving 37 pieces of equipment have been reported by departments from various council premises throughout the city' and these include 28 laptops, only one of which was encrypted, three BlackBerrys, two desktop PCs, three memory sticks and a SIM card. According to the report, ‘where appropriate, these losses were reported to Strathclyde Police'.
The report, by the council's chief inspector, said: “These losses referred to indicate that theft has occurred on a significant scale over a number of years from a ‘secure area', and it would also appear to show that these thefts have been well-organised and systematic.”
A council spokesman said: “What this report shows is that for a number of years the council family has been poor at keeping accurate records of its IT equipment.”
Chris McIntosh, CEO of ViaSat UK, said: “The ludicrous fact that two unencrypted laptops were returned and then lost the same day seems to show a lack of care form the council and its contractors, especially following on from the announcement that the bank details of 16,451 constituents stored on an unencrypted laptop were lost earlier in the year.
“The controversial case where Glasgow City Council's mistakes led to the details of listed sex offenders entering the public arena via an unencrypted USB stick further demonstrates the damage that can be caused by a lax data protection policy.
“Organisations should act as responsible custodians of sensitive information they are charged with and ensure that any contractors or external organisations they work with are held to the same level of accountability. Furthermore, data should be secured and wherever possible encrypted to ensure audits like these no longer throw up such dour surprises in future.”