Loss of personal data.
An unencrypted laptop containing personal data relating to staff and patients was stolen from an employee’s hotel room.
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it. Compliance with these policies must be monitored.
Reason for action
The laptop was unencrypted and stolen from the employee while he was attending a conference.
26 June 2009