Alan M Casson & Associates

What

Loss of sensitive personal data.

How much

8,000 records.

Why

Theft of two unencrypted laptops and back up media during a burglary of premises.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that physical security measures are sufficient to prevent unauthorised access to persona data and that all portable media devices must be encrypted to a suitable standard.

Reason for action

While the laptops were kept in a locked cupboard and the backup media in a safe (which was stolen) the data controller was in the process of upgrading their security to include encryption, but the theft occurred before this could be put into practice.

When

06 December 2011.

Links

View PDF of the Alan M Casson & Associates Undertaking (Via ICO Website)

View PDF of the Alan M Casson & Associates Undertaking (Breach Watch Archive)

Ruth Crawford QC

What

Loss of sensitive personal data.

How much

Unknown.

Why

Theft of an unencrypted laptop from the Data Controller’s home.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that personal media devices used to store data are sufficiently encrypted.

Reason for action

Although it was concluded that the laptop was suitably secure physically, insufficient technical security measures were taken.

When

16 November 2011.

Links

View PDF of the Ruth Crawford QC Undertaking (Via ICO Website)

View PDF of the Ruth Crawford QC Undertaking (Breach Watch Archive)

Newcastle Youth Offending Team

What

Loss of sensitive personal data.

How much

100 records.

Why

Theft of an unencrypted laptop from a home address of an employee of a hired data processor.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all data processors contracted on the data controllers behalf comply with the principles of the Act and in particular that all potable media devices are sufficiently encrypted.

Reason for action

The data controller did not have an appropriate contract in place with the data processor which stipulated the need to encrypt devices containing personal data.

When

28 October 2011.

Links

View PDF of the Newcastle Youth Offending Team Undertaking (Via ICO Website)

View PDF of the Newcastle Youth Offending Team Undertaking (Breach Watch Archive)

Association of School and College Leaders

What

Loss of sensitive personal data.

How much

100 records.

Why

Theft of unencrypted laptop from staff member’s home.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all portable media devices are encrypted.

Reason for action

Although encryption software was provided, whether or not to use it was left to the discretion of staff members.

When

05 October 2011.

Links

View PDF of the Association of School and College Leaders Undertaking (Via ICO Website)

View PDF of the Association of School and College Leaders Undertaking (Breach Watch Archive)

Holly Park School

What

Loss of sensitive personal data.

How much

Nine records.

Why

Theft of an unencrypted laptop from school premises.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all portable media devices are encrypted and are kept physically secure.

Reason for action

Although the laptop was kept in a locked filling cabinet the office it was housed in was not locked.

When

05 October 2011.

Links

View PDF of the Holly Park School Undertaking (Via ICO Website)

View PDF of the Holly Park School Undertaking (Breach Watch Archive)

London Ambulance Service NHS Trust

What

Loss of sensitive personal data.

How much

Unknown.

Why

Theft of unencrypted laptop from a staff member’s home.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that staff members are made aware sensitive personal data is not to be forwarded to personal email accounts under any circumstances.

Reason for action

Data was emailed by a staff member to a personal account and downloaded onto a personal, unencrypted, laptop.

When

07 September 2011.

Links

View PDF of the London Ambulance Service NHS Trust Undertaking (Via ICO Website)

View PDF of the London Ambulance Service NHS Trust Undertaking (Breach Watch Archive)

HCA international Limited

What

Loss of sensitive personal data.

How much

Unknown.

Why

Theft of an unencrypted laptop from one of the group’s hospitals.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that sufficient standard encryption is used and physical security is upgraded.

Reason for action

  • Laptop containing the data was unencrypted.
  • Physical security of the laptop was deemed insufficient to prevent theft.

When

05 August 2011.

Links

View PDF of the HCA International Limited Undertaking (Via ICO Website)

View PDF of the HCA International Limited Undertaking (Breach Watch Archive)

Cherubs Community Playgroup

What

Loss of sensitive personal data.

How much

47 records.

Why

Theft of an unencrypted laptop from the premises.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that laptops containing sensitive personal information are encrypted and sufficient physical security measures are implemented.

Reason for action

The playgroup’s premises were located in a publically used building and security measures were only implemented during playgroup hours.

When

28 June 2011.

Links

View PDF of the Cherubs Community Playgroup Undertaking (Via ICO Website)

View PDF of the Cherubs Community Playgroup Undertaking (Breach Watch Archive)

Asperger’s Children & Carers Together (ACCT)

What

Loss of sensitive personal data

How much

Unknown.

Why

Theft of an unencrypted laptop from an employee’s home.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that portable media devices are suitably encrypted

Reason for action

The stolen laptop was unencrypted and investigation revealed that the data controller’s policies and procedures did not fully comply with the Act’s requirements.

When

27 May 2011.

Links

View PDF of the Asperger’s Children & Carers Together Undertaking (Via ICO Website)

View PDF of the Asperger’s Children & Carers Together Undertaking (Breach Watch Archive)

Freehold Community School

What

Loss of personal data.

How much

90 records.

Why

An unencrypted laptop and paper work was stolen from a teacher’s car.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that portable media devices are suitably encrypted.

Reason for action

The data controller was unaware of the necessity to ensure the encryption of portable media devices.

When

21 April 2011.

Links

View PDF of the Freehold Community School Undertaking (Via ICO Website)

View PDF of the Freehold Community School Undertaking (Breach Watch Archive)