Portsmouth council avoids fine after thieves steal laptop from worker's car

THE city council avoided a fine up to £17m after thieves stole a laptop and case files potentially breaching 'sensitive' data relating to six people – including two children.
By Fiona Callingham
Published 3rd Mar 2020, 06:00 BST
Updated 5th Mar 2020, 11:20 BST
Watch more of our videos on Shots! 
and live on Freeview channel 276
Visit Shots! now

The Information Commissioner's Office (ICO) has now ruled no further action was needed over the November incident.

Stored on the laptop and in the files were personal details about six service users, two of them children, and information about their schools, family and health. The items were taken from the Portsmouth City Council officer's car.

Hide Ad
Hide Ad

If found to be a serious breach of general data protection regulation (GDPR) the ICO is able to fine local authorities up to 20m Euros or four per cent of the council's annual turnover.

File photo of police. Picture: Ian Hargreaves (310519-1)File photo of police. Picture: Ian Hargreaves (310519-1)
File photo of police. Picture: Ian Hargreaves (310519-1)

But an ICO spokeswoman said: ‘Portsmouth City Council made us aware of an incident. After looking at the details, we provided the council with detailed advice and concluded no further action was necessary.’

Read More
Customers angry as Barclays branches in Portsmouth locked down by Greenpeace cam...

A council spokesman added: 'We always strive to meet the highest standards when collecting and using personal information, in accordance with data protection law.

'We have robust security measures, including encrypting personal data and equipment, system access controls and regular training in data protection for all staff.

Hide Ad
Hide Ad

'All breaches are taken very seriously and we examine each one to see what action needs to be taken and what lessons can be learned. We report serious data breaches to the ICO in line with their published guidance.

'In the last four years we've reported 13 incidents, 12 of which resulted in a decision by the ICO to take no action.’

As a result of the incident that was also reported to the police, the member of staff involved had to complete information governance and GDPR online training, read data in transit policy and was provided with a laptop bag lock.

A report that was heard by the council's governance and audit standards committee also detailed how between July 2019 and January 2020 there were 42 incidents of data breaches at the council.

These files contained information about 1,040 people potentially at risk. However, only this one was considered serious and in need of the ICO review.