Four laptops that contained the personal details of more than 14,000 postal voters have been stolen.
The St Albans and Harpenden review revealed that a laptop contained the names, addresses and dates of birth of 14,673 people who applied for a postal vote for June's local election. The council believes that it was taken by the same person who stole three other laptops earlier this month.
Signatures are viewable as the laptop includes scanned postal vote application forms
Council spokesperson Claire Wainwright, told the review: “The data was protected by two levels of security access. There is a slight risk that the data could be accessed and as a precaution, the council is writing to those residents who have been affected to inform them of the position and the risks involved.
“The council is working with the police and Northgate Information Solutions, which manages its IT services, to investigate the matter. The Electoral Commission and the Information Commissioner's office have both been informed.”
The council apologised to residents and reassured them that it takes data protection very seriously, and is to conduct an internal investigation with immediate effect.
Nick Lowe, Check Point's regional director for Northern Europe, said: “Two years on from the HMRC data loss, organisations are still not placing safeguards on sensitive personal data. In this case, the fact that peoples' signatures have been lost as well as their names and addresses raises the risk of fraud and identity theft.
“In our recent survey of 135 public and private sector firms, over 50 per cent did not have any encryption in place to secure data on their laptops. This hasn't changed since the HMRC incident, so you have to wonder how many incidents it will take for the lessons to sink in.”