Hounslow Council

Posted on 8 February 2011 by BreachMaster

Breach details

What	Loss of sensitive personal information.
How much	698 records.
When	2010
Why	Theft of unencrypted laptop from staff member’s home. There was no written contract in place with Ealing Council who processed the data.

Regulatory action

Regulator	ICO
Action	Monetary penalty of £ 70,000
When	8 February 2011

Why the regulator acted

Breach of act	Theft of unencrypted laptop. Inappropriate organisational and technical measures.
Known or should have known	There were no policies requiring the encryption of laptops and the data processors policies were not monitored, despite the data controller having their own Information Security Policy.
Likely to cause damage or distress	Personal information of clients.

Links

View PDF of the Hounslow Council Monetary Penalty Notice (Breach Watch Archive)

View PDF of the Hounslow Council Monetary Penalty Notice (Via ICO Website)

Hertfordshire County Council

Posted on 22 November 2010 by BreachMaster

Breach details

What	Loss of highly sensitive personal information by fax.
How much	47 records.
When	11 June 2010
Why	Two faxes were sent to the wrong recipients.

Regulatory action

Regulator	ICO
Action	Monetary penalty of £ 100,000
When	22 November 2010

Why the regulator acted

Breach of act	Faxes sent to the wrong recipient. Inappropriate organisational and technical measures.
Known or should have known	The ICOs advice on faxing protocols after the first incident were ignored, but the risk had been made clear.
Likely to cause damage or distress	Data relating to vulnerable children.

Links

View PDF of the Hertfordshire County Council Monetary Penalty Notice (Breach Watch Archive)

View PDF of the Hertfordshire County Council Monetary Penalty Notice (Via ICO Website)

A4e Ltd

Posted on 22 November 2010 by BreachMaster

Breach details

What	Loss of sensitive personal information.
How much	24,000 records.
When	18/19 June 210
Why	Theft of an unencrypted laptop from staff member’s home.

Regulatory action

Regulator	ICO
Action	Monetary penalty of £ 60,000
When	22 November 2010

Why the regulator acted

Breach of act	Theft of an unencrypted laptop. Inappropriate organisational and technical measures..
Known or should have known	Data controller was aware of the possible consequences of laptops being stolen and had commenced a laptop encryption program.
Likely to cause damage or distress	Financial and personal information of clients.

Links

View PDF of the A4e Ltd Monetary Penalty Notice (Breach Watch Archive)

View PDF of the A4e Ltd Monetary Penalty Notice (Via ICO Website)