back to article Manchester council caned over school data breach

Manchester City Council has been rapped over the knuckles for the loss of two laptops containing sensitive personal information on teachers and workers at local schools. The local authority was sent to detention obliged to sign a promise to improve its performance following the loss of two unencrypted machines from the Town …

COMMENTS

This topic is closed for new posts.
  1. Paul Gomme

    When will someone take responsibility for these breaches?

    "...data privacy watchdogs at the Information Commissioner's Office criticised the council for carelessness with personal data, and for clear violations of the Data Protection Act. Any future transgressions by the council could result in enforcement action by the ICO."

    So why aren't they being prosecuted? Surely if you violate the law, you should be punished?

    And the use of the word "could" seems to suggest that even if they breach the regulations AGAIN, there is no guarantee action will be taken against them.

    Just because people are (perhaps naively) willing to expose their personal information on places like social networking sites, this should not be used as an excuse by either public or private bodies to avoid their obligations to protect people's personal data.

    In this case, as in many others, much is made of "actions put in place to ensure it will never happen again." But what about the potential (and maybe real) consequences of such a breach?

  2. Tony S

    Call me crazy

    "Neither of the laptops were physically secured to desks."

    Uhmmm.... they're laptops. Are they supposed to be secured to desks? E.g. drill a hole through the middle of the keyboard and put a damn great security bolt through it?

    And yes for all the smart arses out there, I am aware that you can a cable locking device especially for laptops. These are great until someone forgets to use it or loses the padlock. But they are no good if you want to move the laptop and use it in a place where there no where to actually secure the device.

    "Security is a journey, not a destination". (Schneier I think - but could be wrong)

    Unfortunately, there are a lot of people that are still on the station platform, unsure of which train to ride on. (and in some cases, they have a bus ticket!)

  3. Anonymous Coward
    Flame

    oh dear

    ' Manchester's many light-fingered citizens'

    That's going to go down well. Assuming any Mancs have the article read to them, that is..

  4. Trevor 3
    Coat

    @AC 09:31

    <quote>

    ' Manchester's many light-fingered citizens'

    That's going to go down well. Assuming any Mancs have the article read to them, that is..

    </quote>

    What are you trying to say? That Mancunianainans are club fisted and fat fingered? But how would they roll their cigarettes and tie up the strings on their tracksuits?

  5. Anonymous Coward
    Flame

    re: oh dear

    Well yes, someone read the article to me, and I was outraged I can tell you!

  6. Matt 13
    Thumb Up

    re ac 09:31

    Well it looks as though 2 Manc citizens now have a laptop to read the reg on now....

    dont worry, Ill get my own!

  7. dunncha
    Thumb Up

    enforcement action by the ICO

    Oh I can't be bothered. A bit like the ICO. ..... But no wait didn't he get a CBE

    Mr Thomas has been Information Commissioner since 2002, soon after the organisation was first created.

    He has overseen a change in its responsibilities from data protection to being an official protector of personal information.

    Obviously somebody is very pleased with his work ..... or lack of it on some Government focused cases.

    No point in anon seeing as I have had a chip implanted in my brain in case I break a law.

    Can I have an icon for a tinfoil hat please?

  8. frank ly

    Promises, promises...

    "Sir Howard Bernstein, chief exec of Manchester City Council, signed a promise to .."

    Am I the only one who thinks this is pathetic? What about a performance order issued by a court? What about a deadline followed by an audit performed on them by an external agency?

    If you want people to take you seriously you have to react seriously.

  9. Anonymous Coward
    Linux

    RE: Oh Dear

    Im an Manc,

    But i think it was a load of visiting scousers....

    "Sir Howard Bernstein, chief exec of Manchester City Council, signed a promise to encrypt laptops and other removable devices in future. "

    "In the future" - Why not now? Shouldnt he have noticed from the million and one security breaches in this last year?

  10. Joe 3
    Alert

    Where's the standard quote?

    "We at [INSERT ORGANISATION NAME HERE] take data protection very seriously ... was protected by a password ... unfortunately was not encrypted ... security is our top priority ... etc. etc. etc. "

  11. Anonymous Coward
    Thumb Down

    GOV and school IT security is a joke!

    My missus works at a school and they staff quite often borrow the laptops, all XP, all auto login with admin accounts, for personal and admin work. She often tells them that they should be more careful and shouldn't borrow the equipment, only to receive blank stares.

    She also had reason to complain recently to the local authority after the county school website, with details of kids, the schools they attened, their siblings and curriculur activities was found to be running without SSL. She was told that "You only need the key icon thingy on financial sites, our site has a password, so where's the problem?". The problem is your putting confidential information in the public domain, open to abuse all for the sake of a 30 quid SSL certificate!

    After about a week, the "key icon thingy" magically appeared, so someone with more clout must have shouted as well.

  12. D.ST
    Stop

    Numpties

    I notice it doesn't mention they were left out on desks on the top floor of the town hall, and that they were taken in broad daylight - quality security there!

    Then again this is the same institution whose IT system went belly up for over 2 weeks (i.e. nothing worked AT ALL) due to poor network security.

    My data was amongst the stolen, we received an apologetic letter and 1 years Experian cover. I look forward to moving schools out of Manchester LEA so they have nothing further to do with me, heck, my pay might even be correct most months!

  13. Anonymous Coward
    Pirate

    @Matt 13

    >" dont worry, Ill get my own! "

    No ya won't, I already nicked it!

  14. jamin100
    Boffin

    RE: AC - GOV and school IT security is a joke!

    Your missus obviously works in a school with rubbish security!

    I'm a Network Admin at a school and I can tell you that security is high priority. All laptops that leave school have whole disk encryption and all staff members have encrypted memory sticks incase they loose them or they get nicked!

    Not every public sector IT worker doesn't know what their doing. Check edugeek for a wealth of public sector IT knowledge!

  15. Anonymous Coward
    Grenade

    And soon they'll have ContactPoint

    and then they'll really be able to lose data.

This topic is closed for new posts.

Other stories you might like