Loss of sensitive personal data.
Theft of an unencrypted laptop from a home address of an employee of a hired data processor.
Undertaking issued to ensure that all data processors contracted on the data controllers behalf comply with the principles of the Act and in particular that all potable media devices are sufficiently encrypted.
Reason for action
The data controller did not have an appropriate contract in place with the data processor which stipulated the need to encrypt devices containing personal data.
28 October 2011.