Skipton Financial Services (SFS) has breached the Data
Protection Act following the theft of an unencrypted laptop that
contained the personal information of 14,000 SFS
customers.
The Information Commissioner's Office (ICO) has found that the
laptop, which contained names, dates of birth, national insurance
numbers and investment amounts, was stolen from an SFS
contractor.
The ICO's view was that SFS should have had
appropriate encryption measures in place to keep the data
secure.
"It is not always possible to prevent the theft of mobile
devices such as laptops, but it is possible
to minimise the damage caused by such losses," said Mick
Gorrill, assistant commissioner at the ICO.
SFS has now signed a legal document undertaking to ensure the
security of personal data in the future. Sensitive information held
on laptop computers either by SFS or a contractor of SFS must be
encrypted to provide effective protection against unauthorised
access.
SFS has also undertaken to ensure that risk assessments are
carried out where
third parties are processing data on behalf of SFS.
Last year, Gordon Brown announced that the ICO would be given
increased powers to conduct spot checks of government departments.
The Information Commissioner has called for these powers to be
extended to cover all public bodies and private sector
organisations.