A USB stick that contained social services' confidential information about children in care has been found on a pavement in Stoke-on-Trent.
The Staffordshire newspaper The Sentinel reported that dozens of sensitive Stoke-on-Trent City Council documents were discovered on the memory stick, and includes records of foster carers, family court proceedings, parenting assessments, child custody arrangements and the psychological history of youngsters.
It reported that the information on the memory stick was not encrypted, which is against the council's own policy. Council officials have launched an urgent investigation into how the security breach happened.
A council spokesman said: "The safety of children in our care is our priority. We have procedures for ensuring that confidential and sensitive data is kept as secure as possible. We will conduct a thorough investigation to determine the circumstances in which the data was lost.”
A spokesman at the Information Commissioner's Office said: “We may serve an enforcement notice if an organisation has failed to comply with any of the data protection principles. We have statutory power to impose a financial penalty if there has been a serious breach of data protection.”
Nick Lowe, head of Western Europe sales at Check Point, said: “The data was not encrypted, which is against the council's own data protection policies. This highlights the fact that policies alone are not enough to protect sensitive data: the encryption has to be automated and 'always on' to stop these breaches happening and avoid penalties from the ICO.”
Dave Jevans, CEO of IronKey, said: “This is a clear breach of UK data privacy regulations. It seems that local councils and government offices need much better training and enforcement in the areas of data protection and encryption. The use of self-encrypting secure storage devices, such as encrypted USB memory sticks, should be required and enforced.”