Theft of an unencrypted Laptop during a domestic burglary.
Undertaking issued to ensure that all portable media devices are sufficiently encrypted and that staff are sufficiently trained and monitored in the Data controllers security policies.
Reason for action
Although the laptop was password protected and used with permission it was not encrypted and it emerged that only some of the data it contained had been backed up on the office server. It was concluded that the data controller had not provided adequate guidance on physical security.
11 November 2010