Wigan loses unencrypted data on 43,000 children

**CyberNerd** · 8th September 2009, 12:28 PM

The Information Commissioner's Office has said Wigan Council breached data-protection law by allowing unencrypted data on school pupils to be downloaded to a laptop.

The laptop was then stolen, holding personal data on most children and young people in Wigan's schools: about 43,000 pupils.

The computer had been stored in a locked office, but not encrypted, according to the ICO. The person who downloaded the data to the laptop was breaching council policy, but there was no block on them doing so.

Joyce Redfearn, chief executive of Wigan Council, has signed an undertaking stating that the council will encrypt data on portable devices in future. Staff will be trained and made aware of the council's policy for storing and using personal data, and the council will ensure staff stick to that policy.

"I strongly advise organisations to avoid instances where employees can download large volumes of personal information," said Sally-Anne Poole, the ICO's head of enforcement.

"This incident could have been averted if the data was simply accessed from the main council computer network. Storing large volumes of personal information on portable devices is unnecessarily risky," she added.

Wigan loses unencrypted data on 43,000 children - ZDNet.co.uk

**laserblazer** · 8th September 2009, 01:16 PM

The big question is how detailed was the data. If it was just a class list is that a big deal? Personally, I don't see what harm that could do. Address details would be different.

**CyberNerd** · 8th September 2009, 01:26 PM

I doubt if they had class lists for 43k pupils somehow.

**Theblacksheep** · 8th September 2009, 01:28 PM

Originally Posted by CyberNerd

I doubt if they had class lists for 43k pupils somehow.

Pupil/teacher ratios for Wigan reaches a new height.

**pete** · 8th September 2009, 01:37 PM

*adds to his DP Training Scrapbook*

**apoth0r** · 8th September 2009, 02:19 PM

Physical security needs to be increased in these places too by the sounds of it.
There is no excuse for why the data was put on a laptop in the first place, ludicrous.

**laserblazer** · 8th September 2009, 05:22 PM

Originally Posted by CyberNerd

I doubt if they had class lists for 43k pupils somehow.

Sorry, I didn't make myself clear. What I would like to try and understand is at what point data becomes sensitive. As I said, I don't think class lists are a big problem or test results. Whereas, address details would be.

**CyberNerd** · 8th September 2009, 05:44 PM

Originally Posted by laserblazer

Sorry, I didn't make myself clear. What I would like to try and understand is at what point data becomes sensitive. As I said, I don't think class lists are a big problem or test results. Whereas, address details would be.

Beta have gone to great lengths classifying data types into different degrees of sensitivity - theres some info here if you are interested:
Becta Schools - Leadership and management - Data management - Data handling security guidance for schools

**PiqueABoo** · 8th September 2009, 06:12 PM

Perhaps I'll be corrected, but have they? Last time I looked there was lots and lots of boiler-plate security verbiage, but not very much relating that to eduction i.e. I found just one table mapping school data to (protection) category.

**CyberNerd** · 9th September 2009, 01:08 PM

should have said that there is information on howto classify data sensitivity based on risk

http://schools.becta.org.uk/upload-d...n_handling.odt

LinkBack

Thread Tools

Search Thread

Wigan loses unencrypted data on 43,000 children

Similar Threads

[Video] Children see, children do from childfriendly.org.au

Junior Network Manager - £18,000 - £20,000

SIMS Technical Specialist £30,000 - £34,000

SIMS Support Analyst; Immediate Start (London £25,000 - £32,000)

MIS MANAGER (London, Permanent £30,000 - £33,000)

Thread Information

Users Browsing this Thread

Posting Permissions