Loss of sensitive personal data.
13 unencrypted laptops were stolen during a burglary at secure council offices, with the exception of one stolen from a staff members car and another that was stolen during the course of a youth activity evening.
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.
Reason for action
Three of these unencrypted laptops held sensitive personal data and the council did not take adequate steps to safeguard the data, either through encryption, or better physical security in respect of the two laptops stolen outside of council property.
7 July 2009