Inappropriate processing of personal data
An unencrypted laptop computer was stolen from Moore Stephens Consulting, who had been engaged to provide professional consultancy services to SFS in relationship to a software development project.
Undertaking issued to ensure that sensitive personal data must be encrypted. Risk assessments must be carried out to confirm the adequacy and effectiveness of technical and organisational security measures, including those taken by third parties.
Reason for action
The ICO had received a complaint about the data controller’s breach of the Seventh Data Protection Principle.
18 February 2008