ICO makes school stand in corner over data theft The ICO has given an Oldham school a stern telling-off after an unencrypted laptop with pupils' details was stolen from a teachers' car. The laptop contained "personal information" relating to 90 pupils at Freehold Community School when it was half-inched from the boot of the corduroy's car, which was parked outside their home …
who were ordered by a Court to encrypt acutely sensitive personal information before handing it to ACS:Law on physical media.
BT simply ignored the court order, sending the data as an unencrypted email attachment instead (and the result is spread all over the web).
No fine, no undertakings, no warning, no penalties.
why issue laptops, if there's no homeworking going on ? My guess - the "L, LX, GLX, GLX-S" effect of company provided kit, which plagued the car market for decades, because most people had some miltary experience with a very rigid idea of ranks. Basic sales person gets the "L" model. Senior sales person gets the "LX" with 2-speed wipers, Sales manager gets "GLX" with an FM radio, and so on.
Most bosses get laptops because they are bosses, not because they need laptops.
As an aside, firm I used to work for saved on insurance by refusing to cover theft of laptops from cars - the user was liable. All of a sudden, people discovered they didn't need laptops.
they *weren't* home working. The laptop was in the BOOT OF THEIR CAR OVERNIGHT. So why take it home in the first place.
Clearly, the security policy here was an epic fail even before the issue of encryption was avoided. If there's no need for the equipment, then it shouldn't leave the premises. Bear in mind this story is about a breach of physical security.
Once again the ico. go for the small publicly owned target and ignore the pprivately owned commercial leviathans. No doubt this will set the precedent for a really tough response on the ACS:Law/Andrew Crossley case. Not.
As to the BT/PlusNet debacle - I totally agree with the first comment. ISPs are immune to any signficant ico. sanction.
The ico. has been subject to regulatory capture by the industry it is meant to regulate. It should be abolished.
My partner's school have now stopped issuing laptops to teachers and instead are expecting them to use their own PCs, with childrens' reports being transferred by USB sneakernet, email etc. So no encryption, malware and anti-virus protection automatically set at 'lowest common denominator level' and loads of cached copies all over the PC inviting a data protection act prosecution. Lovely.
That was mentioned during the staff meeting when the policy was announced and the official response was to use one of the computer suite laptops i.e. those used by the children during the lessons.
The only thing missing was a sweepstake form on how soon before an angry parent comes in waving a memory stick with the class' details on.
My wife's been a teacher in quite a few schools now, and not one has had any idea about data security.
As previous people have stated, personal information is routinely emailed around or copied to USB sticks without any thought as to the consequences if it were to be lost.
She's even been emailed unencrypted information on children in preparation for a job interview !
Don't blame the schools here - most are blissfully unaware of their responsibilities. The failing is with the LEAs and the DfE.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
