School data loss apology
Bryan Copland • Published 9 Feb 2012 09:27
4 Comments
Share this
FURIOUS parents hit out at East Lothian Council after an employee lost a memory stick containing personal information of more than 1,000 primary school pupils.
Records of 1,075 children at Dunbar, East Linton, Innerwick, Stenton and West Barns primaries - including emergency contacts and medical details - were downloaded to a memory stick by a staff member for the purpose of working at home.
A letter from Don Ledingham, the council's director of education, said the actions of the employee - who was not a teacher - had been in breach of council policy.
The letter said: "The information stored included your child's name, school and class, emergency contact details, after-school clubs attended and possibly some medical information you have provided.
"The file on the memory stick was password protected and therefore I believe the risk of this information being accessed is minimal.
"I am very sorry that, as the result of the actions of one member of staff, we have let you down. We will do our best to ensure this does not happen again."
The incident has been reported to the Information Commissioner's Office.
One mother from West Barns told the Courier: "I'm raging. It's a disgrace, especially considering all the stories we've heard about information being lost by employees taking them home."
Councillor Paul McLennan, council leader and ward member for Dunbar and East Linton, said: "I share the concerns of parents and add my apology to that of Don Ledingham's."
Have your say. Post a comment on this article.
-
Dataguru
Unregistered User
Feb 10, 08:49
Report commentWhat's the big deal here. If the memory stick was password protected (and/or encrypted) the personal data was secure. The school was following data protection act guidelines by making sure the data on the portable device was secure.
Ok, so the user lost the stick. But assuming the password / encryption was robust the personal data is secure and can't be breached.
Recommend?
Yes 8
No 3
-
Alex
Unregistered User
Feb 10, 10:17
Report commentCOnfidentiality is only one aspect of information security. By taking the information, which we don't if it was the only copy of the info etc, then they have compromised the integrity of the information that's held, and also they've compromised the accessibility of it too by losing it in the first place!
If the policy is clear that info shouldn't be taken offsite on a stick, then the employee shouldn't have done it, unless they had support of their line management (who should have checked whether it was original/copy etc)
Recommend? Yes 4
No 0
-
NCD Ops
Unregistered User
Feb 11, 20:38
Report commentThe stick wasn't encrypted. The file, obviously a Word doc or Excel spreadsheet, was password protected. This is similar to if you were to place a postcard inside an envelope to stop the guys at the sorting office from reading it. Hackers have tools that will strip the password from an Office document in 3 minutes. Hopefully this usb key has fallen down the back of the staff member's sofa....
Recommend? Yes 1
No 0
-
ifnotateacherthenwho
Unregistered User
Feb 12, 15:33
Report commentIf not a teacher then who?
The fact is we all complete at the start of the new term in August our childrens updated school record, what amazes me is that the information is then given to someone who does not even work for the Department.
Now theres nothing wrong in sharing information but i don't remember ever being asked if ELC can give this onto another department who provide Active Schools.
Cover up somewhere given that the information was lost by a member of staff outwith the Education Department and it would have looked worse/more suspicious had the apology come from the Director of Community Services - Don to the rescue!
Thats surely the real story here and not how long it would take to encrypt it.......
Recommend? Yes 0
No 0
Return to the main index, get more from this section or browse our News archives.
