Monthly Archives: November 2009

Department of Finance and Personnel

Posted on by

What
Loss of sensitive personal data.

How much
37,000 records.

Why
12 password protected laptops were stolen, two of which contained significant personal data.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that portable media devices and laptops containing personal data are suitably encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage or use of personal data.

Reason for action
The laptops were unencrypted, although they were physically secure.

When
30 November 2009

Links
View PDF of the Department of the Finance and Personnel Undertaking (Breach Watch Archive)

Orbit Heart of England Housing Association

Posted on by

What
Loss of sensitive personal data.

How much
1,000 records.

Why
57 paper files went missing at the time of an office move, although 42 of them had been recovered intact.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all staff are made aware of and, trained to follow, the data controller’s new procedures with regards to office moves.

Reason for action
Investigations revealed that no inventory of files had been made prior to the move, so staff were initially uncertain as to how many files should have been received at the new office and that many of the files had not be unpacked after 6 months.

When
30 November 2009

Links
View PDF of the Orbit Heart of England Housing Association Undertaking (Breach Watch Archive)

Waseley Hills High School and Sixth Form center

Posted on by

What
Loss of sensitive personal data.

How much
1,170 records.

Why
An unencrypted school laptop computer containing the personal and sensitive personal data of 984 pupils and 186 members of staff was stolen.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that portable media devices and laptops containing personal data are suitably encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage or use of personal data.

Reason for action
The laptop was unencrypted.

When
24 November 2009

Links
View PDF of the Waseley Hills High School and Sixth Form Undertaking (Breach Watch Archive)

Great Yarmouth & Waveney Primary Care Trust

Posted on by

What
Loss of sensitive personal data.

How much
1,000 records.

Why
Two desktop computers were stolen from premises with minimal security.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that portable media devices and laptops containing personal data are suitably encrypted and password protected. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage or use of personal data.

Reason for action
The desktop computers were both unencrypted and without password protection. The data held on these computers should have been held on a network server. The premises where the computers were stored had no intruder alarm or security locks.

When
3 November 2009

Links
View PDF of the Great Yarmouth & Waveney Primary Care Trust Undertaking (Breach Watch Archive)