Questions and Answers
Updated 8th December 2009
What has happened?
Four laptops were stolen from the Council’s offices in St Peter’s Street, St Albans. The Council has worked with the Police and Northgate Information Solutions which manages our IT services, to investigate the matter. A summary report on the Council’s Investigation went to Cabinet on 1st December and is available at http://stalbans.moderngov.co.uk (see Cabinet, Tuesday 1st December 2009).
What was on the laptops?
Three of the laptops were new and are understood to hold no personal data. The fourth laptop contained some personal data concerning postal voters. This consists of names, addresses, dates of birth, signatures and copies of scanned postal vote application forms and postal vote statements, which are used to confirm the identity of postal voters. No financial information was held.
Were details of how I voted at the last election included?
No. No details of the individual votes cast are known by, or held by, the Council.
Was the data protected/encrypted?
The laptop was password protected and the elections software had a separate username and password, but the data itself was not encrypted.
Why was the data not encrypted?
Following the publication of security guidelines from Government Connect, the Council has invested in encryption software which is being installed on its laptops. As the guidelines relate to laptops that leave Council buildings, priority had been given to these. The laptop containing the election data was used inside the Council’s offices and had not been encrypted.
Is my data safe?
To date, there is no evidence that any of the data has been accessed or used. However, the Council wants to make sure that residents are protected, and as a precautionary measure, has arranged for CIFAS, the UK’s Fraud Prevention Service, to provide protection against misuse of the data for those residents whose data was on the missing laptop.
CIFAS will inform its member organisations - the major UK lenders - that the data may be at risk of being used for fraudulent activity, so that they make extra checks on behalf of those residents affected.
The Council stresses again that this is a precautionary measure only - there is no evidence that the data has been accessed or used.
How does the CIFAS protection work?
The protection provided by CIFAS (see above) through their Protective Registration Service will be in place for a minimum of 12 months and in practice means that extra checks will be carried out when applying for credit or insurance based services. This may cause some delay while the checks are made but will help avoid misuse of your data. It will not affect your credit rating.
More information about this service, including details of the relevant fraud prevention agencies and Protective Registration Questions and Answers, is available on the CIFAS website, www.cifas.org.uk.
- If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies.
- Law enforcement agencies may access and use this information.
- CIFAS and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
- Checking details on applications for credit and credit related or other facilities
- Managing credit and credit related accounts or facilities
- Recovering debt
- Checking details on proposals and claims for all types of insurance
- Checking details of job applicants and employees.
How do I opt out of the CIFAS service?
If you have any objections to the processing of your personal data in this way and want to opt out of the scheme, please write to the Council:
St Albans City & District Council
St Peters Street
Herts AL1 3JE
Will it affect my ability to use a postal vote in future?
No. Your postal vote will not be affected at the next election and you do not need to reapply.
How do I come off the list to receive a postal vote?
If you would like to remove your postal vote, please telephone 01727 819291 or 819294 during office hours, or write to the Electoral Services Department at St Albans City and District Council, Civic Centre, St Peter’s Street, St Albans AL1 3JE.
When did the laptop go missing?
The internal investigation could not pinpoint when the laptops disappeared. The disappearance of the laptop containing the data was confirmed on 9th November after a search of the Council’s offices.
The Council has conducted an internal enquiry into the matter and the summary report to Cabinet from the 1st December 2009 can be found at http://stalbans.moderngov.co.uk
Where was the laptop located?
The laptop was located in an area of the building accessible only by electronic security swipe card.
Why was electoral information stored on a laptop?
The postal vote data was stored on a portable computer so that it could be carried to the election work area within the Council’s offices for postal vote checking at election times.
What should people do to protect themselves?
No financial information was stored on the laptop. However, it is sensible for people to be watchful. If, for example, you are contacted unexpectedly by anyone asking for personal information or are at all suspicious, it is wise not to give out information until you are completely satisfied that it is a genuine enquiry. If you do have concerns you may wish to contact your bank or building society and make them aware of the situation. The CIFAS protection mentioned above will provide a measure of protection against fraud.
What measures will the Council put in place to ensure that data is protected in the future?
The Council has conducted an internal investigation, led by its Head of Internal Audit. The Council has made changes to its operational arrangements and IT security has been stepped up.
What are the internal control requirements and were they followed?
The laptop was in the part of the building protected by electronic swipe card access when it disappeared. The Council’s policy says: “computer equipment is vulnerable to theft, loss or unauthorised access. Always secure laptops and portable equipment when leaving an office unattended.” The internal investigation found that the policy had not been fully implemented at the time of the thefts. Steps have now been taken to ensure the policy is implemented.
Is my financial information held by the council secure?
The Council has taken further steps to review all our systems to reassure residents of the integrity of our procedures. Further details are in the Cabinet summary report at http://stalbans.moderngov.co.uk (see Cabinet, Tuesday 1st December 2009).
As a gesture, why doesn’t the council pay for a credit check service so we can be warned if this information is being used?
The Council has arranged for CIFAS, the UK’s Fraud Prevention Service, to provide protection against misuse of the data. Details of this can be found above. This is as a precautionary measure only. The Council wants to make sure that residents are protected, but there is no evidence that the data has been accessed or used.
What if I have already taken out my own protection?
Some residents may have already made their own arrangements for protection. If you have taken out fraud or identify theft protection between the 16th November 2009 and 7th December 2009 and can provide the Council with evidence (such as a receipt), we will refund up to a maximum of £15. Please provide this information in writing marked CIFAS Claim to the Purchase Ledger Section, Financial Services, St Albans City & District Council, Civic Centre, St Peter’s Street, St Albans, AL1 3JE.
It is only necessary for the Council to see the information regarding this protection and confirmation that this relates to you - you can blank out other information, such as bank details, if providing a bank statement as evidence. Original or photocopies of the evidence will be accepted.
Do I need to contact the police?
No, not unless you have evidence that you have been the subject of identify fraud or have information about the disappearance of the Council laptops, in which case the Police can be contacted on 0845 3300 222.
Do I need to contact the Council?
There is no need to contact the Council, but if you would like to speak to someone about this matter, you can contact the Council’s team on 01727 819291 or 01727 819294.
So what happens now?
The Electoral Commission and the Information Commissioner’s Office have been informed of the matter.
The actions arising from the internal investigation will be implemented.
The summary report to Cabinet from the 1st December 2009 can be found at http://stalbans.moderngov.co.uk (see Cabinet, Tuesday 1st December 2009).