Loss of sensitive personal data.
Two unencrypted memory sticks and papers containing the personal details of 101 individuals were stolen from an employee’s home.
Undertaking issued to ensure that laptops used to store or transmit personal data are encrypted to a sufficient standard by no later than 16 March 2012. Hard copy documentation must only be removed from the office when absolutely necessary and a specific policy must be put in place to cover working away from the office.
Reason for action
The laptop did not contain any personal data and was password protected, as well as having third software installed allowing its usage to be tracked. No usage has been logged since the threat. However the USB sticks contained sensitive personal information and at the time if the incident, encryption of such devices was not mandatory. There was no specific policy to cover working outside of the office.
09 March 2012.
View PDF of the Enable Scotland (Leading the Way) Undertaking (Via ICO Website)
View PDF of the Enable Scotland (Leading the Way) Undertaking (Breach Watch Archive)