What
Loss of personal data.
How much
100,000 records.
Why
An unencrypted laptop containing personal data was stolen from the locked hotel room of a contracted consultent.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that appropriate security measures are in place to restrict access to areas where personal data is stored. Any data held on portable media must be encrypted. All staff must be made aware of this policy, including contracted consultants.
Reason for action
The data controller did not ensure sufficient security measures were in place to prevent the transfer of the data in question on to a privately owned and unencrypted personal laptop.
When
28 May 2009
Links
View PDF of the Amicus Legal Ltd Undertaking (Breach Watch Archive)