What
Loss of sensitive personal data.
How much
101 records.
Why
Two unencrypted memory sticks and papers containing the personal details of 101 individuals were stolen from an employee’s home.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that laptops used to store or transmit personal data are encrypted to a sufficient standard by no later than 16 March 2012. Hard copy documentation must only be removed from the office when absolutely necessary and a specific policy must be put in place to cover working away from the office.
Reason for action
The laptop did not contain any personal data and was password protected, as well as having third software installed allowing its usage to be tracked. No usage has been logged since the threat. However the USB sticks contained sensitive personal information and at the time if the incident, encryption of such devices was not mandatory. There was no specific policy to cover working outside of the office.
When
09 March 2012.
Links
View PDF of the Enable Scotland (Leading the Way) Undertaking (Via ICO Website)
View PDF of the Enable Scotland (Leading the Way) Undertaking (Breach Watch Archive)