What
Loss of personal data.
How much
80 records.
Why
A computer printout containing payroll information relating to the data controller’s UK employees was believed to have been stolen during an office move.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that physical security measures are at all times adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage, use, retention, or disposal of personal data. Adequate provision must be made for the secure transfer of personal data and procedures for this must be communicated to all staff, including removal contractors, in advance of any future office move or reorganisation.
Reason for action
The records were believed to have been stolen and were not suitably secure.
When
26 April 2010
Links
View PDF of the NCL (Bahamas) Ltd Undertaking (Breach Watch Archive)