Loss of sensitive personal data.
A unencrypted laptop was stolen from a secure, but unattended, motor vehicle in a public car park.
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. Measures must be taken to ensure the physical security of all such devices containing personal information. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.
Reason for action
The laptop was unencrypted despite containing details relating to criminal convictions.
17 July 2009
View PDF of the Repair Management Services Ltd Undertaking (Breach Watch Archive)