STOLEN DATA SHOULD HAVE BEEN ENCRYPTED - MATHESON MUST TAKE ACTION NOW TO HAVE ALL SENSITIVE DATA ENCRYPTED

SNP MSP Humza Yousaf has written to Glasgow City Council Leader Gordon Matheson demanding an immediate assurance that they will do more than the 'bare minimum' and that all personal data will be encrypted - and not wait for the outcome of an internal audit.

Following revelations that the unencrypted details of almost 38,000 people and businesses were on a laptop stolen from council offices a fortnight ago - in many cases including bank details - Mr Yousaf has accused the Council of giving "only a cursory glance" to guidelines on encryption from the Information Commissioner's Office. He argues that steps should be taken immediately to ensure that all sensitive data is encrypted -  rather than just password protected - and questions why this was not already happening.

Commenting, Mr Yousaf, MSP for Glasgow, said:

"The loss of such a large amount of personal data - including that of some very vulnerable people - has greatly damaged public trust in the Council and could have serious ramifications for the authority.

"Guidelines from the Information Commissioner's Office strongly urge that data of this nature should always be encrypted - yet we find that this data was only password protected.

"It appears that the Council have done only the bare minimum in terms of complying with data protection legislation, and have given only a cursory glance to the Information Commissioner's guidelines.

"Had this data been encrypted, the distress caused to the tens of thousands of people caught up in this breach would be considerably less.

"A full investigation is now underway, but Cllr Matheson should not wait for the outcome of this to take some of the basic steps the Council should already have been taking - I am frankly astonished that he was not already doing so."