Edinburgh City Council is conducting an investigation after a laptop, containing sensitive details on vulnerable children, was stolen from a member of a fostering and adoption panel.
According to the Scotsman, the laptop was stolen from the home of an independent consultant who conducts reviews of foster and adoptive parents in Edinburgh. The data included files and minutes from dozens of reviews. The laptop has not yet been recovered and the council said it was not encrypted.
Council officials are particularly concerned because some of the information on the laptop may relate to children who were removed from their parents by social services.
A council spokeswoman said: “The police advice is that it's unlikely the information was targeted and that the laptop was probably wiped for resale. However, we won't take any chances even when there is a low risk of individuals being identified. We have contacted the majority of those involved and have apologised. We're working with our external advisers to stress the importance of information security.”
A spokeswoman for Lothian and Borders Police said: “We are following a positive line of inquiry following a house-breaking at an address in the south-east of Edinburgh.”
Chris McIntosh, CEO of Viasat UK, said: “Nobody expects organisations to keep every single piece of IT equipment safe at all times: the world is simply too unpredictable. However, the same doesn't hold true for data: there is no reason that Edinburgh City Council couldn't have, at the very least, made sure that all sensitive information on children and other members of the population were encrypted.
“At the same time, all those charged with carrying and using that data should have been fully aware of security best practice.
“No doubt the council will learn lessons from this event, both from the theft itself and any likely actions from the Information Commissioner's Office. However, wisdom with the benefit of hindsight is simple. Organisations still need to realise that data loss or theft can happen to anyone, at any time, for any reason. Failure to anticipate this could once be explained as a sad accident. As time goes on it will look more and more like negligence.”
Stephen Midgely, global vice president of marketing at Absolute Software, said: “When sensitive data is stolen, particularly details of vulnerable children, it is vital to have the means to take control of that data before the criminals do.
“Often the data on a device is more important and valuable than the hardware itself. Therefore it's vital that government bodies and businesses alike take precautionary security measures before they issue employees with mobile devices which might be used to access and store personal details.
“In the case of Edinburgh City Council, the installation of simple security software would've allowed all sensitive data to be retrieved and wiped remotely in a matter of minutes.”