Confidential social services data found on USB stick in Stoke-on-Trent

According to the Sentinel newspaper, the social services records of foster carers, family court proceedings, parenting assessments, child custody arrangements and even the psychological history of children in care were included in the files.

The paper appears to have reported the incident to the Information Commissioners' Office (ICO), as well as returning the USB stick to the council, which has launched an urgent investigation into the affair.

According to a weekend newswire report, the USB stick was in possession of a social worker, who appears to have broken several security rules, including one that data taken out of the office should be encrypted.

The Sentinel quoted a council spokesperson saying that the safety of children in our care is our priority. "We have procedures for ensuring that confidential and sensitive data is kept as secure as possible."

"We will conduct a thorough investigation to determine the circumstances in which the data was lost."

"We thank The Sentinel for returning the data, as situations such as this require immediate attention. The device has been put in a safe place."

The 53-year-old IT security consultant who found the USB stick told the paper that he picked the stick up as, whilst it was covered in mud, it was still worth about around £10.00.

On plugging the stick into a computer, however, he found around 40 files on the drive.

In its story on the incident, the Sentinel quoted an ICO spokesman as saying: "We may serve an enforcement notice if an organisation has failed to comply with any of the data protection principles.

"We have statutory power to impose a financial penalty if there has been a serious breach of data protection."

According to Nick Lowe, regional director with Check Point Software Technologies, the data was clearly not encrypted, which is against the council's own data protection policies.

"This highlights the fact that policies alone are not enough to protect sensitive data: the encryption has to be automated and 'always on' to stop these breaches happening and avoid penalties from the ICO", he said.

Check Point has developed its own secure USB stick, the Abra, which was developed in conjunction with Sandisk and allows users to carry their office computing environment – complete with data files – around in their pocket.

When plugged into a suitable host computer, the Abra allows users access to a secure working environment that also remains under control of the company's IT department.

What’s hot on Infosecurity Magazine?