Breach details
What | The theft of laptops containing sensitive personal data including prison records and offender details. |
How much | Approximately 4,500 records held on eight laptops. |
When | 14 August 2010. |
Why | These police forces were part of the East Midlands Collaboration Unit (EMCU), whose offices were burgled in August 2010. Eight laptops belonging to seconded offices were stolen; they had not been stored in available lockable containers and two were unencrypted. Derbyshire and Leicestershire Police had not undertaken their own risk assessments and relied on the security measures of Nottingham Police. However, this did not specify that laptops should be encrypted, made no provision for locking them in containers, and did not monitor the offices during this period. |
Regulatory action
Regulator | ICO | Action | Enforcement Notice issued to limit the sharing of personal data. |
When | 18 June 2013 |
Details | These police forces shall only share personal data as part of a collaborative project if a Senior Information Risk Owner has been appointed to oversee the work and risk assess the premises; laptop and other portable electronic security devices are encrypted; and all officers involved in the project are given appropriate training. These measures should been implemented within 35 days. |