The Information Commissioner has required a council to give an undertaking that it will encrypt memory sticks used to carry sensitive personal data. In a recent case, an employee lost a memory stick including case notes about vulnerable adults. The member of staff had had technical issues with the use of the encryption system, and had therefore used an unapproved, unencrypted device. Colleges and universities should note that the council avoided more serious sanctions by having promoted its data protection encryption policy widely, and having encouraged its staff to swap unapproved for approved devices. Where use is made of mobile data storing technology in FE and HE institutions, the institution must ensure appropriate levels of support, security measures, and clear terms of use. The full terms of the Cambridgeshire County Council undertaking of 23/02/2011 are available on the ICO website at
http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx#undertakings.