What
Loss of personal data.
How much
2,135 records.
Why
18 laptops were lost or stolen from the data controller’s Edinburgh offices, two of which were unencrypted and contained personal data.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that all portable media devices used to store or transmit personal data are suitably encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage, use, or disposal of personal data.
Reason for action
An internal investigation revealed that the data controller was uncertain of the precise location of these laptops at any given time. Physical security was insufficient and managers were unaware that the two laptops contained personal data.
When
16 March 2010
Links
View PDF of the Royal London Mutual Insurance Society Ltd Undertaking (Breach Watch Archive)