Union lost personal data of 6,000 members

ATL in breach of law over disappearance of unencrypted information from car

5th February 2010, 12:00am

A teaching union has been left red faced after a laptop and a memory stick containing the personal details of more than 6,000 members went missing.

The devices, containing the names and addresses of 6,282 members of the Association of Teachers and Lecturers, were lost or stolen as a member of staff was packing his car at the roadside.

The information, about members in the North East and North West, was not encrypted and the memory stick was not protected with a password.

The incident, which happened in October 2009, was followed by an investigation by the Information Commissioner’s Office, the data watchdog, which found ATL in breach of the Data Protection Act.

This week it ordered the union to sign an undertaking to ensure the safety of members’ details.

By February 28, all portable devices used by the ATL to store and transmit personal details must be encrypted. Staff will also be banned from storing personal information on their own memory sticks.

Sally Anne-Poole, head of enforcement at the Information Commissioner’s Office, said: “Staff members should never be allowed to keep people’s personal details, especially sensitive personal information, on their own memory sticks. I am pleased that the ATL is taking remedial steps to prevent a similar situation occurring again.”

Mary Bousted, general secretary of the ATL, said she “deeply regretted” the data loss, but stressed that no financial or bank details had been stored on the hardware.

She added: “We have been carrying out continuous monitoring of the records and there is no evidence that it has been accessed. We immediately informed the police and the Information Commissioner’s Office and have fully complied with their ruling.

“We have put robust security measures in place to fully safeguard members’ data to prevent this from happening again.”

The embarrassing incident is not the first time that teachers’ details have been lost by a high-profile organisation.

In 2008, the General Teaching Council admitted that a disc containing the names and addresses of nearly 11,500 teachers had been lost in the post.

Again, no financial information was included, but it emerged that images of some teachers’ signatures, as well as email and school addresses, had also been on the disc.

The GTC apologised for the incident, which happened despite the information being sent using a full tracking service.