Loss of sensitive personal data.
An unencrypted desktop computer containing personal data was stolen from a locked office.
Undertaking issued to ensure that appropriate security measures are in place to restrict access to areas where personal data is stored. Any data held on portable media must be encrypted and only held for as long as absolutely necessary. Mandatory induction data protection training must to given to all staff.
Reason for action
The desktop computer was not secured to the desk or encrypted. Initially the incident was treated only as a loss of equipment, resulting in a delay of over one month in reporting and investigating the loss of personal data.
22 May 2009