Leasowes Community College

What
Loss of sensitive personal data.

How much
About 1,500 records.

Why
A unencrypted USB memory stick containing the personal data of pupils was found by a member of the public.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all storage devices must be sufficiently encrypted. All staff must receive adequate training in order to fulfil their obligations under such a policy.

Reason for action
The USB stick was of poor quality and unencrypted. It does not appear to have been missed and adequate relevant policies and staff training were not in place.

When
20 April 2009

Links
View PDF of the Leasowes Community College Undertaking (Breach Watch Archive)

The University of Manchester

What
Loss of sensitive personal data.

How much
About 2,300 records.

Why
A computerised spreadsheet containing the personal data of some 1,755 was published when it was accidently sent as an attachment of an email by a member of the University staff and forwarded to some 469 students..

Regulator
ICO

Regulatory action
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of personal data being processed. Policies on the transfer, sharing and publication of personal data must me made clear and all staff must receive adequate training in order to fulfil their obligations under such policies.

Reason for action
The data controller did not on this occasion ensure that adequate measures were taken to prevent the inappropriate internal transfer of the information.

When
15 April 2009

Links
View PDF of the University of Manchester Undertaking (Breach Watch Archive)