Loss of sensitive personal data.
Loss of an unencrypted USB stick containing sensitive personal data. This was the second data security incident reported by the data controller within 6 months.
Undertaking issued to ensure that all portable media devices used to store sensitive personal data are encrypted to a sufficient standard.
Reason for action
The USB stick had been used in 2005 by a member of the data controller’s social work department and was not encrypted or password-protected. Although the data controller had provided encrypted USB sticks since 2006 it never required the return of previously used unencrypted media devices.
27 May 2010