Glasgow City Council fined £150,000 after losing personal information for more than 20,000 people
The laptops had not been encrypted, to stop them being read by unauthorised users
The Information Commissioner has fined Glasgow City Council £150,000 after the theft of two laptops, one of which contained personal information on more than 20,000 people.
A further 74 unencrypted laptops are also missing, of which six were definitely stolen.
The council - issued with an enforcement notice three years ago after an unencrypted memory stick containing personal data was lost - claims to have taken steps to ensure a similar breach does not happen again.
The latest breach of the Data Protection Act happened on 28 May last year, when the council offices were being refurbished. One laptop had been locked away in a drawer, but the key to the drawer was kept in a different, unlocked drawer, along with the second laptop.
One of them contained the authority's creditor payment history file, which held personal information on 20,143 people, and the bank account details of 6,069.
Employees had asked for them to be encrypted but this had not happened.
Ken Macdonald, the ICO's assistant commissioner for Scotland told the BBC: "How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief.
"The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people's details have been compromised.
Noting the previous enforcement notice, he went on: "To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow."
A Glasgow City Council spokesman said: "It is important to note that the number of unencrypted laptops was already coming down when this theft occurred.
"The council co-operated fully with the Information Commissioner's Office and wrote to everyone potentially affected to advise them of the data loss.
"The ICO acknowledges there is no evidence that any bank accounts have been targeted, that the council immediately informed it of the theft and that we carried out significant remedial action."
When teaching the meaning of Christmas backfires
- 2 Harry Potter fans can apply to the Hogwarts-inspired College of Wizardry
- 3 Jessica Chambers: 19-year-old woman 'doused with lighter fluid and burned alive' in the US
- 4 Russell Brand calls Nigel Farage 'poundshop Enoch Powell' in BBC Question Time debate
- 5 Orange Wednesdays are no more
Weather bomb in pictures: Storms cuts power for tens of thousands – and snow is on the way
Jessica Chambers: 19-year-old woman 'doused with lighter fluid and burned alive' in the US
Russell Brand calls Nigel Farage 'poundshop Enoch Powell' in BBC Question Time debate
Russell Brand was rendered speechless on Question Time by this man
Fury at Airbus after it hints the super-jumbo may be mothballed
Nigel Farage: Me vs Russell Brand on Question Time – he's got the chest hair but where are his ideas?
Shock poll shows voters believe Ukip is to the left of the Tories
New era of cheap oil 'will destroy green revolution'
Disgruntled RBS worker writes hilarious open letter to Russell Brand after anti-capitalist publicity stunt leaves him hungry
Ukip founder Alan Sked and Nigel Farage 'begged Enoch Powell to stand as a candidate'
Ukip candidate jokes about 'shooting peasants' in racist and homophobic rant
£25000 per annum: Ashdown Group: An established media firm based in Surrey is ...
£40000 - £470000 per annum + bonus: Ashdown Group: Java Developer / J2EE Devel...
£70000 per annum: Ashdown Group: Head of Finance - Financial Controller - Fina...
£30000 - £65000 per annum: Recruitment Genius: This small technology business ...