Memory stick that contained personal details of disabled people lost by Wigan Metropolitan Borough Council staff
A memory stick that contains sensitive and confidential information of more than 200 disabled residents has been reported lost in Wigan.
Wigan Today reported that Social Services has spent the last 48 hours individually contacting every person listed to reassure them that everything possible is being done to protect their identities from potential theft and fraud.
Although names, dates of birth, ethnicity and type of disability and some national insurance numbers plus employment details were included, Wigan Council has insisted that no financial information or addresses of individuals were on the stick.
The incident follows the theft of a laptop last year that contained personal information on more than 33,000 children living in the borough.
Executive director of health and wellbeing, Bernard Walker, revealed that town hall staff were acting in breach of the council's policies in using the memory stick for this information.
Walker said that the council was taking the incident and its consequences ‘extremely seriously indeed'. He said: “There has unfortunately been another significant loss of personal information following the loss of a memory stick which was being used to transfer information about individuals from the supported employment team in adult services to a body that provided funding for that service.
“The memory stick was actually lost en route back from Stockport where that agency was based. The council is under a duty to advise the Information Commissioner and that has been done.
“Although I believe that the council has taken all reasonable steps to comply with its undertaking, following the latest loss of data, I can confirm that the council has introduced a complete ban on the use of memory sticks and pen drives for any purpose until a long-term solution is identified.
“This may involve the encryption of a number of memory sticks but the ban on the use of memory sticks for personal data will remain.”
Chris McIntosh, CEO of hardware encryption specialist Stonewood, said: “That the data involved was stored on an unencrypted memory stick in defiance of Wigan Council's own guidelines shows that more education of its employees is needed. While Wigan Council states that all personal data on council laptops must be encrypted, evidently without rigorous enforcement of its own rules these incidents will continue to happen.
“The reality is that whenever data is put on a device, whether a laptop, a memory stick or a CD, it is vulnerable to loss or theft. Naturally, data does need to be moved, so a blanket ban on memory sticks, such as Wigan Council has now implemented, can only be a temporary measure at best.
“Organisations need to encrypt their data at all times, whether it is on a central computer, a laptop or a memory stick. In this way, they can be certain that, even if the data is lost, it can't be used for malign purposes. It is good to see that Wigan Council is now extending its encryption programme, but sad that its hand was forced by these two incidents.”
Nick Lowe, Check Point's regional director for Northern Europe, said: “The council states that it has temporarily banned the use of memory sticks. However, the most effective solution is to issue qualifying staff with an authorised memory stick, deploy automated encryption for all data copied to them, and ban all non-authorised devices."