We hope the crook wiped data before fencing the computer, Council says
A laptop containing details of vulnerable children in the care of Edinburgh Council has been stolen from a consultant in the fostering service. The Information Commissioner’s Office (ICO) is investigating.
The laptop, taken from the home of a consultant on Edinburgh City Council’s fostering panel, reportedly contains details of dozens of fostering cases, including assessments of the prospective foster and adoptive parents.
The council has been in touch with the people likely to have been affected, and a spokesperson said that although the information has probably been wiped by the thief, the ICO has imposed hefty fines in similar instances in the past..
Taking no chances
“The police advice is that it’s unlikely the information was targeted and that the laptop was probably wiped for resale,” said an Edinburgh Council statement. “However, we won’t take any chances even when there is a low risk of individuals being identified. We have contacted the majority of those involved and have apologised. We’re working with our external advisers to stress the importance of information security.”
The ICO will be looking into the matter to see if the council’s assessment is right.
“We have recently been made aware of a possible data breach which appears to involve Edinburgh City Council,” said an ICO spokesperson. “We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken.”
The security industry condemned the Council for not ensuring that data was encrypted. “Nobody expects organisations to keep every single piece of IT equipment safe at all times: the world is simply too unpredictable,” said Chris McIntosh, CEO of Viasat UK. “However, the same doesn’t hold true for data: there is no reason that Edinburgh City Council couldn’t have, at the very least, made sure that all sensitive information on children and other members of the population was encrypted. At the same time, all those charged with carrying and using that data should have been fully aware of security best practice.”
Others advised organisations to ensure they have the ability to wipe data remotely if a laptop is stolen. “The installation of simple security software would have allowed all sensitive data to be retrieved and wiped remotely in a matter of minutes,” said Stephen Midgely, VP of marketing at Absolute Software (obviously, a vendor of such software). “Alongside tracking and recovery software these precautionary measures mean the difference between the inconvenience of a lost laptop and the public outcry of another data-loss scandal.”
The Tory MP for Lothian, Gavin Brown, said: “This should serve as another wake-up call to the council about security. While there is always a danger of laptops being stolen, what the council can control is the level of security within the laptop.”
Earlier this month the Information Commissioner’s Office (ICO) fined the Scottish Borders Council £250,000, one of its largest fines ever, when an outsourcing company employed to digitise pension records dumped documents containing details of hundreds of staff by an overloaded supermarket recycling bin.
Are you a security expert? Find out with our quiz!