Waseley Hills High School and Sixth Form Centre had stored the
details of 984 pupils and 186 staff members on the laptop without
any encryption protection. The records included sensitive personal
data, the ICO said.
The school itself reported the data breach to the ICO in June of
this year. The ICO has agreed not to issue an Enforcement Notice
under the Data Protection Act because of the undertaking the school
has committed to.
The school has promised to change the security used on portable
computing devices that hold personal data, using encryption "where
appropriate", and to train staff in data security.
“Storing large volumes of personal information on portable
devices is unnecessarily risky," said Mick Gorrill, Assistant
Information Commissioner. "If personal details fall into the wrong
hands, individuals can experience considerable distress."
"It is vital that personal information is handled securely,
especially where so many children and young people are concerned. I
am pleased that the school has taken action to guard against
security breaches of this nature in future," said Gorrill.
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
