Tuesday, 22 March 2011

Leicester City Council - 2,000 Elder's front door code goes missing.

"Leicester City Council has misplaced a USB stick containing personal details of 4,000 vulnerable and often elderly users of its care service.

The data has disappeared from LeicesterCare, the council's vulnerable residents' support service. Along with personal information, the stick also has key codes for 2,000 people, which are used to open boxes outside users' houses which contain their front door keys. - Reported by The Register"

 This is just sickening. It would be good to understand who within the Council actually thought that putting such sensitive information on to a USB Stick was acceptable.

The Council has yet to confirm if the stick was encrypted or not, but if the Council had looked at this with a Business Impact Assessment mehtod for the loss of the data they would have discovered that the loss of 2,000 vulnerable adult's front door code has a very high impact against it if lost.

Its amazing simple things like this are not conducted by the Council and still you keep hearing about such catagories of data loss.

As the Data Owner, ultimately the Council's CEO should be held accountable, but yet again you can be sure that the ICO will not take any real action.

Till the Data Protection ACT does not carry a criminal conviction Data Owners up and down the country will still keep taking large risks with other people's data.

The Council knows even if it is fined, it simply has to pass this charge to the local residents as extra Council Tax.

Due to the nature of the data loss in this case, it is simply shamefull and the CEO of Leicester City Council (as the Data Owner) should offer his resignation.  There is no justifiable business reason to take such sensitive data off onto a removable drive, encrypted or not, especially when you consider how easy it would have been to setup SECURE remote access to the data in the first place.

I always insist on secure remote access to the data in the first instance with USB removable drive access to the data being the absolute last after all other options have been explored and exhausted.

No comments:

Post a Comment