Eastbourne Borough Council

What
Loss of personal data.

How much
Three records.

Why
Three unencrypted laptops were stolen from the general office.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all portable media devices used to store or transmit personal data are suitably encrypted. Physical security measures must at all times be adequate to prevent unauthorised access to personal data Staff must be made aware of and trained to follow the data controller’s policy for the storage, use, retention, or disposal of personal data.

Reason for action
The office had a electronic lock that staff knew to be faulty and the laptops were neither encrypted  nor physically secured to the desks or locked away. The data controller had recently relocated and staff did not have access to the central network for some time, resulting in the use of the laptop to store and update a database containing personal information.

When
29 April 2010

Links
View PDF of the Eastbourne Borough Council Undertaking (Breach Watch Archive)