8:48am Tuesday 16th March 2010
By Dan Bean
EIGHT laptops have been stolen from City of York Council offices in the last three years, The Press has learned.
Figures obtained under the Freedom of Information Act show five of the computers belonged to the education department.
The authority said it did not know exactly what was on the computers, but they had “no reason to believe” they contained information regarding individual children.
One privacy campaigner called the security failures “appalling”, coming on the back of high-profile data breaches in recent years, but praised the council for its subsequent response.
In 2008, The Press reported the theft of 12 computers containing confidential information from council staff offices and homes since 2002.
The report led to a review of security and laptop usage, and the introduction of safety measures, including encryption software and confidential details being kept on a secure internal network unless absolutely necessary.
Eight more laptops have been stolen since, all of which have been reported to police.
Coun Richard Moore, the council’s executive member for corporate services, could not confirm whether the laptops contained confidential information, but said all information on council laptops was encrypted.
Coun Moore, said: “We have had encryption software installed on all our laptops, and a password is needed to even activate the system.
“Last year it was suggested that the encryption software be cut from the budget, as it was not deemed necessary. Luckily the amendment was never made, and it would be incredibly difficult for anyone to access the encrypted material without the appropriate software.”
But Roy Grant, head of IT operations at the council, said the encryption software was still being installed on council computers.
Mr Grant said: “We are rolling out a corporate data encryption solution, so that in the unlikely event of any information being stored locally on devices covering both fixed and removable media, this information could not be accessed by third parties should the devices be stolen or lost.”
Phil Booth, national co-ordinator of the No2ID campaign group, said the council’s security could still be improved.
He said: “It is appalling that after such high-profile concerns and so-called reviews that personal data should still go missing and be lost in this way.”
Mr Booth said no company could rely on all employees to adhere to every security measure put in place by a review. He said: “It sounds to me like they’ve made some sensible moves, but without logging machines in and out, and monitoring exactly what data was used on each one, there’s no way of knowing what is on them.
“If the machines are still going missing how can people feel confident that their information is safe?”
© Copyright 2001-2012 Newsquest Media Group
http://www.yorkpress.co.uk/trade_directory/