Local city council breaches the Data Protection Act

Two laptops have been stolen from Manchester City Council leading to a breach of the Data Protection Act, reported the Information Commissioner’s Office (ICO).

The computers hold personal details of 1,754 employees at local schools. Neither of the laptops was encrypted nor were they secured to the desks.

Sally-anne Poole, head of enforcement and investigations at the ICO, said: ‘Organisations must implement appropriate safeguards to ensure personal details are handled securely and do not fall into the wrong hands.’

She added: ‘We urge all councils and their executive teams to take responsibility for treating data protection as a corporate governance issue affecting the entire organisation. They have to make sure that safeguarding the personal information of their staff is embedded in their organisational culture.’

Under the Data Protection Act clearly organisations are required to take appropriate measures to ensure that personal information is kept secure.

“Neither of the laptops was encrypted nor were they secured to the desks.

Failure to comply with the Act could lead to enforcement action by the ICO.

Manchester City Council has agreed to take immediate action.

Sir Howard Bernstein, chief executive of Manchester City Council has formally agreed that from now on he will ensure all laptops and other removable devices are encrypted and secured to desks or locked away.

The council said it would also ensure that only essential personal information is downloaded to mobile devices. It has also agreed to implement an improved training programme, including regular refresher training for all staff.