Breach details
| What | Loss of sensitive personal information. |
| How much | 698 records. |
| When | 2010 |
| Why | Theft of unencrypted laptop from staff member’s home. There was no written contract in place with Ealing Council who processed the data. |
Regulatory action
| Regulator | ICO | Action | Monetary penalty of £ 70,000 |
| When | 8 February 2011 |
Why the regulator acted
| Breach of act | Theft of unencrypted laptop. Inappropriate organisational and technical measures. |
| Known or should have known | There were no policies requiring the encryption of laptops and the data processors policies were not monitored, despite the data controller having their own Information Security Policy. |
| Likely to cause damage or distress | Personal information of clients. |
Links
| View PDF of the Hounslow Council Monetary Penalty Notice (Breach Watch Archive) |
| View PDF of the Hounslow Council Monetary Penalty Notice (Via ICO Website) |