Loss of personal data.
Four unencrypted laptops were stolen, one of which contained personal data.
Undertaking issued to ensure that all portable media devices used to store or transmit personal data are suitably encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage, use, or disposal of personal data. Adequate security checks must be carried out on contractor’s staff.
Reason for action
The laptop containing personal data was unencrypted (yet met Council IT security policy at the time) and contained redundant election data that had not been removed in a reasonable amount of time. It was later taken by contracted IT staff and left unsecured, later discovered to be missing along with 3 other laptops.
5 March 2010
View PDF of the St Albans City and District Council Undertaking (Breach Watch Archive)