Young people's charities escape fines over unencrypted data

Information Commissioner's Office says the sensitive data was installed on laptops that were stolen

Charity's laptop containing unencrypted data was stolen
Charity's laptop containing unencrypted data was stolen

Two charities breached data protection rules by storing unencrypted data about children or young people on laptops that were later stolen, the Information Commissioner’s Office has concluded.

The ICO report said Asperger’s Children and Carers Together, a Sheffield-based support group for children and families affected by Asperger’s syndrome, reported a breach of the data laws after a laptop containing personal data on 80 children was stolen from an employee’s home in December.

The laptop contained children’s names, addresses, dates of birth and medical information.

It also said Wheelbase Motor Project, which provides motor maintenance training for socially disaffected young people in Nottingham, reported a breach after the theft of an unencrypted hard drive from the charity’s offices, which contained personal information on 50 young people, including details of past criminal convictions.

Both charities have since signed undertakings promising to ensure that all information stored on portable or mobile devices is encrypted, and that they will update their policies on storing sensitive data and share them with staff, the report says.

Neither charity received any other penalty, and in neither case has the ICO seen evidence that the data has been used.

It has the power to issue fines up to £500,000.

Sally-Anne Poole, acting head of enforcement at the ICO, said: "Any organisation that stores personal information on a laptop or other portable devices must make sure that the information is encrypted.

"Information about young people’s medical conditions or criminal convictions is obviously sensitive and should have been adequately protected.

"We are pleased that both charities have agreed to take the necessary steps to ensure that the personal information they hold is kept secure from now on."

Lawrence Simanowitz, a lawyer at the firm Bates Wells and Braithwaite, said 350 complaints had been made against charities in the past four years.

"Traditionally, the Information Commissioner has taken quite a mild approach to charities," he said. "Even in this case the response has been quite gentle.

"However, I think this is a shot across the bows for charities. Next time the response might be more serious, particularly if the information had been used to cause damage."

Neither charity could be contacted by Third Sector for a response.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register
Already registered?
Sign in

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus