Loss sensitive of personal data.
10 back up tapes and a USB portable hard drive were stolen. The USB hard drive and five of the back up tapes were not encrypted.
Undertaking issued to ensure that the physical security of personal data be ensured. All portable media devices containing personal data must be encrypted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.
Reason for action
Physical security was adequate, as the devices were kept in a locked firesafe in a locked and alarmed environment, but the lack of encryption was unacceptable.
10 July 2009