|Loss of sensitive personal information.
|Theft of two unencrypted laptops (one work-issued, one personal) from a staff member’s home. The employee had been involved in a breach before, but no remedial action was taken. No home working risk assessment undertaken (although this was in policy).
|Monetary penalty of £ 80,000
|08 February 2011
Why the regulator acted
|Breach of act
|Unencrypted tapes were stolen, and have still not been recovered. Inappropriate organisational and technical measures.
|Known or should have known
|Data controller was aware of the possible consequences of the such an event, since policies were in place requiring home assessment and encryption of laptops. Both these policies were breached.
|Likely to cause damage or distress
|Personal data of clients.
|View PDF of the Ealing Council Monetary Penalty Notice (Breach Watch Archive)
|View PDF of the Ealing Council Monetary Penalty Notice (Via ICO Website)