British Council in data protection blunder

Cultural charity lost disk containing personal details of 2,000 staff members

The Information Commissioner's Office has told the British Council to sign an agreement containing specific details of how it will handle sensitive data in future after the charity lost a CD containing the personal details of 2,000 members of staff.

The organisation, which runs international cultural and educational projects, lost the disk in December 2008 while it was being transported by courier firm TNT. It contained staff members' names, salaries and bank account details.

An investigation by the Information Commissioner's Office, published on Friday, said the charity was in breach of the Data Protection Act and must tighten its measures to ensure the security of its data.

The ICO said the disc was unencrypted, meaning that its contents were not protected. A British Council spokesman said the data on the disc was "compressed using a proprietary algorithm", meaning that its contents were secure.

The undertaking requires the British Council to ensure that all its mobile devices are encrypted. It also demands tighter physical security for the charity's data, and stricter rules on the sharing of data with other organisations.

Martin Davidson, chief executive of the British Council, said the organisation would take reasonable measures to keep personal information safe in future.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus