Oldham Council | Breach Watch

What
Loss of sensitive personal data.

How much
220 records.

Why
13 unencrypted laptops were stolen during a burglary at secure council offices, with the exception of one stolen from a staff members car and another that was stolen during the course of a youth activity evening.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.

Reason for action
Three of these unencrypted laptops held sensitive personal data and the council did not take adequate steps to safeguard the data, either through encryption, or better physical security in respect of the two laptops stolen outside of council property.

When
7 July 2009

Links
View PDF of the Oldham Council Undertaking (Breach Watch Archive)

FCA/FSA (7)	£ 7,777,000
ICO DPA (55)	£ 5,573,500