Loss of personal data.
A computer printout containing payroll information relating to the data controller’s UK employees was believed to have been stolen during an office move.
Undertaking issued to ensure that physical security measures are at all times adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage, use, retention, or disposal of personal data. Adequate provision must be made for the secure transfer of personal data and procedures for this must be communicated to all staff, including removal contractors, in advance of any future office move or reorganisation.
Reason for action
The records were believed to have been stolen and were not suitably secure.
26 April 2010
View PDF of the NCL (Bahamas) Ltd Undertaking (Breach Watch Archive)