Loss of personal data.
An unencrypted laptop containing personal data was stolen from the locked hotel room of a contracted consultent.
Undertaking issued to ensure that appropriate security measures are in place to restrict access to areas where personal data is stored. Any data held on portable media must be encrypted. All staff must be made aware of this policy, including contracted consultants.
Reason for action
The data controller did not ensure sufficient security measures were in place to prevent the transfer of the data in question on to a privately owned and unencrypted personal laptop.
28 May 2009
View PDF of the Amicus Legal Ltd Undertaking (Breach Watch Archive)