The ICO has given an Oldham school a stern telling-off after an unencrypted laptop with pupils' details was stolen from a teachers' car. The laptop contained "personal information" relating to 90 pupils at Freehold Community School when it was half-inched from the boot of the corduroy's car, which was parked outside their home …
Contrast with ICO's treatment of BT
who were ordered by a Court to encrypt acutely sensitive personal information before handing it to ACS:Law on physical media.
BT simply ignored the court order, sending the data as an unencrypted email attachment instead (and the result is spread all over the web).
No fine, no undertakings, no warning, no penalties.
What about a policy of
Not leaving laptops in the boot of cars overnight?
My work laptop is encrypted, but I wouldn't be too popular if it was stolen from my boot because I couldn't be arsed bringing it inside my house.
Which raises the question ?
why issue laptops, if there's no homeworking going on ? My guess - the "L, LX, GLX, GLX-S" effect of company provided kit, which plagued the car market for decades, because most people had some military experience with a very rigid idea of ranks. Basic sales person gets the "L" model. Senior sales person gets the "LX" with 2-speed wipers, Sales manager gets "GLX" with an FM radio, and so on.
Most bosses get laptops because they are bosses, not because they need laptops.
As an aside, firm I used to work for saved on insurance by refusing to cover theft of laptops from cars - the user was liable. All of a sudden, people discovered they didn't need laptops.
No home working??
Teachers do loads of work at home, marking, planning, paperwork, etc...
they *weren't* home working. The laptop was in the BOOT OF THEIR CAR OVERNIGHT. So why take it home in the first place.
Clearly, the security policy here was an epic fail even before the issue of encryption was avoided. If there's no need for the equipment, then it shouldn't leave the premises. Bear in mind this story is about a breach of physical security.
double standards again?
Once again the ico. go for the small publicly owned target and ignore the privately owned commercial leviathans. No doubt this will set the precedent for a really tough response on the ACS:Law/Andrew Crossley case. Not.
As to the BT/PlusNet debacle - I totally agree with the first comment. ISPs are immune to any significant ico. sanction.
The ico. has been subject to regulatory capture by the industry it is meant to regulate. It should be abolished.
a teachers' car
How many teachers owned the car?
Something about ignorance of the law....
..unless it concerns personal information of course.
And it will only get worse...
My partner's school have now stopped issuing laptops to teachers and instead are expecting them to use their own PCs, with children's reports being transferred by USB sneakernet, email etc. So no encryption, malware and anti-virus protection automatically set at 'lowest common denominator level' and loads of cached copies all over the PC inviting a data protection act prosecution. Lovely.
Just say you don't own a PC ?
not a job requirement is it ?
Just say you don't own a PC
That was mentioned during the staff meeting when the policy was announced and the official response was to use one of the computer suite laptops i.e. those used by the children during the lessons.
The only thing missing was a sweepstake form on how soon before an angry parent comes in waving a memory stick with the class' details on.
Teacher is never wrong, as if you worked in school you would know, it wouldn't matter a jot how often the IT staff told them, if it was in the least bit difficult to understand, they wouldn't do it. A better question is, are the off site tape backups encrypted?
Tip of the iceberg...
My wife's been a teacher in quite a few schools now, and not one has had any idea about data security.
As previous people have stated, personal information is routinely emailed around or copied to USB sticks without any thought as to the consequences if it were to be lost.
She's even been emailed unencrypted information on children in preparation for a job interview !
Don't blame the schools here - most are blissfully unaware of their responsibilities. The failing is with the LEAs and the DfE.