Breach details
| What | Theft of an unencrypted laptop containing personal data including names, passport details, addresses and contact details. |
| How much | 970 records. |
| When | 08 August 2012. |
| Why | An unencrypted, unsecured laptop containing the details of 970 individuals who had attended hospitality events organised by Panasonic UK was stolen from an unlocked hotel room. These events were being run by a third party company on behalf of Panasonic, and Panasonic’s comprehensive data protection policies that would have prevented this breach were therefore not automatically applied. However, it appears that these policies were not communicated to the company and the data protection provisions listed in the contract were extremely limited. Moreover, passport information was collected from all guests and then retained regardless of whether this information was necessary. |
Regulatory action
| Regulator | ICO | |
| Action | Undertaking to comply with the seventh data protection principle. | |
| When | Unknown. | |
| Details | Panasonic UK is to ensure that all third party company data controllers are governed by adequate contracts and checks to ensure that they are complying with data protection policies. Panasonic are also to ensure that personal data is only collected for a specified, valid purpose and is not retained for longer than is necessary. Other security measures should be implemented as appropriate. |
Links
| View PDF of the Panasonic UK Undertaking (Breach Watch Archive) |
| View PDF of the Panasonic UK Undertaking (Via ICO Website) |
Follow Up
| The ICO conducted a follow up assessment on 11 December 2013 (published on 30 December). |
| View PDF of the Panasonic UK Undertaking Follow Up (Breach Watch Archive) |
| View PDF of the Panasonic UK Undertaking Follow Up (Via ICO Website) |