Loss of sensitive personal data.
Loss of an unencrypted USB stick containing sensitive personal data. This was the second data security incident reported by the data controller within 6 months.
Undertaking issued to ensure that all portable media devices used to store sensitive personal data are encrypted to a sufficient standard.
Reason for action
The USB stick had been used in 2005 by a member of the data controller’s social work department and was not encrypted or password-protected. Although the data controller had provided encrypted USB sticks since 2006 it never required the return of previously used unencrypted media devices.
27 May 2010
View PDF of West Berkshire Council’s Undertaking (Via ICO Website)
View PDF of West Berkshire Council’s Undertaking (Breach Watch Archive)