Loss of sensitive personal data.
An unencrypted laptop containing the personal data of 6,377 individuals was stolen from a locked office.
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.
Reason for action
The laptop was not encrypted as it was not intended to be taken off NES premises and was therefore not considered a “mobile device” under NES internal policy at the time.
14 August 2009