Breach details
| What | Loss of sensitive personal information. |
| How much | 958 records. |
| When | 2010 |
| Why | Theft of two unencrypted laptops (one work-issued, one personal) from a staff member’s home. The employee had been involved in a breach before, but no remedial action was taken. No home working risk assessment undertaken (although this was in policy). |
Regulatory action
| Regulator | ICO | Action | Monetary penalty of £ 80,000 |
| When | 08 February 2011 |
Why the regulator acted
| Breach of act | Unencrypted tapes were stolen, and have still not been recovered. Inappropriate organisational and technical measures. |
| Known or should have known | Data controller was aware of the possible consequences of the such an event, since policies were in place requiring home assessment and encryption of laptops. Both these policies were breached. |
| Likely to cause damage or distress | Personal data of clients. |
Links
| View PDF of the Ealing Council Monetary Penalty Notice (Breach Watch Archive) |
| View PDF of the Ealing Council Monetary Penalty Notice (Via ICO Website) |