What
Loss of personal data.
How much
Around 2,100 records.
Why
An unencrypted disc containing personal data was lost.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. Personal data must not be kept any longer than absolutely necessary. Written data protection procedures must adopted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.
Reason for action
The disc was unencrypted and contained data relating to policies which had expired, or been cancelled, in some cases over 10 years ago. An investigation revealed that staff had insufficient internal training.
When
23 June 2009
Links
View PDF of the Jubilee Managing Agency Ltd Undertaking (Breach Watch Archive)