A school in York has been left red-faced after a member of
the school staff left an unencrypted removable memory stick on public
transport.
The Information Commissioners Office has launched an
investigation after being made aware of the incident. St Peter’s School in Clifton, which is one of
York’s top public schools, admitted that there were a number of documents on
the memory stick that related to school governance, and which could potentially
include information about a ‘small number of individuals’ although thankfully
there were no bank or financial details on the device. There was no suggestion
that the information had been accessed or used by anyone since being lost in
October.
The school's head, Leo Winkley, has also been forced to
write to the parents of children at the school to inform them about the
blunder, and is working with the ICO to make sure that all the correct
procedures are followed - although it would have saved the school a great deal
of trouble if they had simply encrypted their memory stick so that it was
unusable without a password.
The loss has caused consternation in York as the device was
said by a source to contain highly sensitive information about pupils and
former pupils - and worryingly, the public transport operator has not been able
to locate the missing memory stick - so nobody knows where it is, or whether it
has been found by a member of the public and accessed.
A source told the York Press that they there had also been
confusion with the ICO claiming to not know about the allegation, but after
some investigation, subsequently confirmed that they were making enquiries into
what had happened.
This case just underlines the necessity for all removable
memory devices to be encrypted or password protected; with the best will in the
world, memory sticks and other removable storage devices can go missing, but if
the information is protected by a password, if it should be found by someone,
the data will be protected from anyone unscrupulous using it.
Do you have a security policy in place and train your staff
in how to protect sensitive information? If you’re unsure of how to protect
your data, contact me and I will be delighted to provide you with guidance and advice.
No comments:
Post a Comment