Skipton Financial Services (SFS) has breached the Data Protection Act following the theft of an unencrypted laptop that contained the personal information of 14,000 SFS customers.
The Information Commissioner's Office (ICO) has found that the laptop, which contained names, dates of birth, national insurance numbers and investment amounts, was stolen from an SFS contractor.
The ICO's view was that SFS should have had appropriate encryption measures in place to keep the data secure.
"It is not always possible to prevent the theft of mobile devices such as laptops, but it is possible to minimise the damage caused by such losses," said Mick Gorrill, assistant commissioner at the ICO.
SFS has now signed a legal document undertaking to ensure the security of personal data in the future. Sensitive information held on laptop computers either by SFS or a contractor of SFS must be encrypted to provide effective protection against unauthorised access.
SFS has also undertaken to ensure that risk assessments are carried out where third parties are processing data on behalf of SFS.
Last year, Gordon Brown announced that the ICO would be given increased powers to conduct spot checks of government departments. The Information Commissioner has called for these powers to be extended to cover all public bodies and private sector organisations.