Thomas Bridge 07 June 2013

ICO fines Glasgow £150k for data breach

Glasgow City Council has been fined £150,000 following the loss of two unencrypted laptops, one of which contained personal information about 20,143 residents.

The monetary penalty, issued by the Information Commissioner’s Office (ICO), came after the laptops – containing the town hall’s creditor payment history file and 6,069 individuals’ bank account details - were stolen from council offices in May last year.

Complaints of theft and a lack of security had already been made about the council premises where the theft took place.

One laptop had been locked in a storage drawer and the key placed in an unlocked drawer with the second laptop.

This breach of the Data Protection Act comes two years after Glasgow was issued with an enforcement notice for losing an unencrypted memory stick containing personal data.

Despite previous warnings, the latest ICO investigation found Glasgow had issued a number of staff with unencrypted laptops – some of which were later encrypted - after encountering software problems. In total, the ICO found 74 unencrypted laptops remain unaccounted for at the town hall, six of which have been stolen.

Glasgow is now required to carry out a full audit of its IT assets used to process personal data and arrange for all its managers to receive asset management training. The local authority will also carry out an annual check of devices.

The ICO’s assistant commissioner for Scotland, Ken Macdonald, said: ‘Glasgow City Council was issued with an enforcement notice back in 2010 after a similar incident where an unencrypted memory stick was lost. To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow.

‘The council should be held to account, and the penalty goes some way to achieving that.’

A Glasgow City Council spokesman said: ‘This data loss should not have happened and we took immediate steps to ensure it does not happen again. It is important to note that the number of unencrypted laptops was already coming down when this theft occurred.

‘The council co-operated fully with the ICO and wrote to everyone potentially affected to advise them of the data loss. The ICO acknowledges there is no evidence that any bank accounts have been targeted, that the council immediately informed it of the theft and that we carried out significant remedial action.’

SIGN UP
For your free daily news bulletin
Highways jobs

Senior Practitioner - Woodlands Family Centre, West Essex

Essex County Council
£48205.0000 - £57988.0000 per annum
Senior Practitioner - Woodlands Family Centre, West EssexFixed Term, Full Time£48,205.00 to £57,988.00 Per Annum Location
Recuriter: Essex County Council

Senior Practitioner - Placement Finding Team

Essex County Council
£48205.0000 - £57988.0000 per annum
Senior Practitioner - Children & Young People's Placement Service - Placement Finding TeamPermanent, Full Time£48,205 to £57,988 Per AnnumLocation
Recuriter: Essex County Council

Cleaner

Durham County Council
£24,796 (Pro Rata)
Permanent Contract - Part Time 10 hours per week 4.00pm to 6.00pm Monday to Friday. Whole Time. Required to start 1st August 2026.   Governors wish to Newton Aycliffe
Recuriter: Durham County Council

Social Worker MHSOP

Durham County Council
£35,412 - £39,152 / £40,777- £45,091 p.a. ( pro rata for part-time) i.e. grade 9 pre progression/grade 11 post progression (Pay Award Pending)
We are looking for a MHSOP Social Worker to join our Adult Care Service, supporting older people and adults with a physical disability.   WHAT IS INVO Durham
Recuriter: Durham County Council

Clerical Officer Receptionist

Durham County Council
Grade 3 £25,185 - £25,989 Pro rata (Pay award pending)
WHAT IS INVOLVED? We are looking to appoint a temporary (18 months) part time Clerical Officer/Receptionist within Business Services to provide a pr Newton Aycliffe
Recuriter: Durham County Council
Linkedin Banner