Glasgow City Council fined £150,000 after losing personal information for more than 20,000 people
The laptops had not been encrypted, to stop them being read by unauthorised users
The Information Commissioner has fined Glasgow City Council £150,000 after the theft of two laptops, one of which contained personal information on more than 20,000 people.
A further 74 unencrypted laptops are also missing, of which six were definitely stolen.
The council - issued with an enforcement notice three years ago after an unencrypted memory stick containing personal data was lost - claims to have taken steps to ensure a similar breach does not happen again.
The latest breach of the Data Protection Act happened on 28 May last year, when the council offices were being refurbished. One laptop had been locked away in a drawer, but the key to the drawer was kept in a different, unlocked drawer, along with the second laptop.
One of them contained the authority's creditor payment history file, which held personal information on 20,143 people, and the bank account details of 6,069.
Employees had asked for them to be encrypted but this had not happened.
Ken Macdonald, the ICO's assistant commissioner for Scotland told the BBC: "How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief.
"The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people's details have been compromised.
Noting the previous enforcement notice, he went on: "To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow."
A Glasgow City Council spokesman said: "It is important to note that the number of unencrypted laptops was already coming down when this theft occurred.
"The council co-operated fully with the Information Commissioner's Office and wrote to everyone potentially affected to advise them of the data loss.
"The ICO acknowledges there is no evidence that any bank accounts have been targeted, that the council immediately informed it of the theft and that we carried out significant remedial action."
- 1 Woman accidentally shoots herself in the head while posing for a selfie
- 2 Isis burns woman alive for refusing to engage in 'extreme' sex act, UN says
- 4 Female Muay Thai champion hustles coaches to give them a beating
- 5 16-year-old girl beaten and burned alive by lynch mob in Rio Bravo, Guatemala
Isis burns woman alive for refusing to engage in 'extreme' sex act, UN says
Purity balls: Girls in the US making virginity pledges as fathers vow to 'protect purity'
Female Muay Thai champion hustles coaches to give them a beating
Puerto Rico, island of lost dreams: People are leaving the debt-hit territory in droves as near neighbour Cuba's star rises
16-year-old girl beaten and burned alive by lynch mob in Rio Bravo, Guatemala
As a white man, I'm surprised more women aren't tweeting the hashtag #KillAllWhiteMen
Scotland may have to leave the EU even if it votes to stay in, David Cameron confirms
Report finds that Britain's wages are the most unequal in Europe
The day that Britain resigned as a global power
Almost a third of school pupils believe 'Muslims are taking over our country', study claims
SNP fury as HS2 finds 'no business case' for taking fast train service to Scotland
£40-50K: Guru Careers: We are seeking an experienced Software / C# Developer w...
£35 - 40k + Benefits: Guru Careers: We are seeking a Software Developer (JavaS...
£18000 - £23000 per annum + Commission: SThree: As a Trainee Recruitment Consu...