Loss of sensitive personal information.
How much
Unknown.
Why
Theft of an unencrypted laptop from an employee’s home
Regulator
ICO
Regulatory action
Undertaking issued to ensure that all portable media devices used to store personal data are sufficiently encrypted and that staff are made aware of policies on data protection.
Reason for action
Enquiries revealed that the employee had not received any formal data protection/IT security training and was unaware of how to access the data controller’s secure network drive remotely. Although encrypted removable media was available to staff no technical measures were yet in place to enforce their use and it was also discovered that about 2,300 unencrypted laptops were likely to still be in use.
When
17 June 2010
Links
View PDF of West Sussex County Council Undertaking (Via ICO Website)
View PDF of West Sussex County Council Undertaking (Breach Watch Archive)