The information commissioner has dropped an enforcement notice against Marks & Spencer after the retailer encrypted every laptop across the organisation following a major security breach.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The Information Commissioner's Office (ICO) issued the enforcement notice in January after it found M&S in breach of the Data Protection Act, following the theft of an unecrypted laptop containing the personal information of 26,000 M&S employees.
The laptop, which contained details on employees' names, salary details, addresses, national insurance numbers, dates of birth and phone numbers, was stolen from a printing company.
The ICO cancelled the enforcement notice after Marks & Spencer confirmed it had completed its encryption programme in July.
Darrell Stein, IT director at M&S, told the ICO in a letter on 8 July that all 4,352 laptops in the organisation across 11 countries had been encrypted using software from Utimaco.
"Marks & Spencer will continue to ensure that personal data stored on laptops, including those acquired in future, are encrypted," he said.
M&S had originally appealed against the enforcement notice, in a case due to be heard this week, but withdrew the appeal in mid-July following the ICO's decision to drop the enforcement notice.
The retailer hired Morse, Computacenter and law firm Field Fisher Waterhouse to advise on the programme.
The printing firm had the database to allow it to write to employees about changes in the pension scheme. Marks & Spencer said the laptop was password-protected.