What
Loss of sensitive personal data.
How much
37,000 records.
Why
12 password protected laptops were stolen, two of which contained significant personal data.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that portable media devices and laptops containing personal data are suitably encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage or use of personal data.
Reason for action
The laptops were unencrypted, although they were physically secure.
When
30 November 2009
Links
View PDF of the Department of the Finance and Personnel Undertaking (Breach Watch Archive)