The British Council

What
Loss of sensitive personal data.

How much
22,000 records.

Why
An unencrypted computer data storage disc containing personal data relating to 2,000 staff, including trade union membership, was lost in transit by a courier service.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of personal data being processed either by the data controller or any third parties. Mobile media devices must be encrypted to a suitable standard. All staff must receive adequate data protection training.

Reason for action
Although the disc was lost by a third party, the council had failed to ensure that the disc was encrypted to a minimum standard.

When
7 April 2009

Links
View PDF of the British Council Undertaking (Breach Watch Archive)