A word of warning – The Data Protection Act: Are you fully compliant?
Provided to Best Bear by Michele Payne, Director IsHr Management www.ishrmanagement.co.uk
A school in Oldham has been found in breach of the Data Protection Act.
The school reported the breach in January after an unencrypted laptop was stolen from the boot of a teacher’s car when parked at their home overnight. The laptop contained personal information relating to 90 pupils at the school.
The Information Commissioner's Office (ICO) enquiries found that the school was unaware of the need to encrypt portable and mobile storage devices, although it did have a policy in place informing staff that storage devices should not be kept in cars when away from the school premises.
It is vitally important that all organisations, in particular, schools and nurseries, take the necessary precautions to ensure that people’s personal information remains secure. The fact that the school was unaware of the need to encrypt the information stored on their laptop fuels our suspicion that many childcare and education establishments continue to process personal information without having the necessary security measures in place.
We understand the Head Teacher of the school in question has since signed an undertaking to ensure that all portable and mobile devices including laptops used to store and transmit personal data are encrypted using encryption software which meets the current standard; that the staff at the school are also to be trained on how to follow the school’s policy and procedures for the storage and use of personal data, and the school has agreed to regularly monitor its policies on data protection and IT security issues.
The Data Protection Act covers a huge area and is an Act employers can easily, quickly, and inadvertently fall foul of. All policies and procedures should be measured alongside the Act and wise employers will ensure that their Data Protection Policy is updated regularly and, periodically overseen by their HR / Legal Adviser as to get it wrong can be a costly mistake and lead to prosecution.
All employers should familiarise themselves with the Act and can access more information from the Information Commissioner’s website at www.ico.gov.uk The ICO also has a general Helpline and Regional Offices:
Helpline 0303 123 1113 or 01625 545745 Open from 9am to 5pm, Monday to Friday.
Address (head office)
Information Commissioner's Office
Cheshire SK9 5AF
Tel: 0303 123 1113 (or 01625 545745 if you would prefer not to call an ‘03’ number, or +44 1625 545745 if calling from overseas)
Fax: 01625 524510
The Information Commissioner's Office - Scotland
45 Melville Street
Tel: 0131 244 9001
Information Commissioner's Office – Wales
Tel: 029 2067 8400
Fax: 029 2067 8399
Northern Ireland office:
Information Commissioner's Office – Northern Ireland
51 Adelaide Street
Tel: 028 9026 9380
Fax: 028 9026 9388