The Information Commissioner’s Office (ICO) has fined two organisations for serious breaches of the Data Protection Act – the first to be issued under new tougher guidelines in the UK.
The security breach at Sheffield-based firm A4e happened in June 2010, after the company issued an unencrypted laptop to an employee in order to do work from home. The laptop was subsequently stolen from the employee’s house.
That wouldn’t have mattered too much, of course, if the laptop hadn’t contained sensitive information. Unfortunately it carried personal data relating to 24,000 people who had used community legal advice centres in Hull and Leicester.
Personal details recorded on the laptop included full names, dates of birth, postcodes, employment status, income level, information about alleged criminal activity and whether an individual had been a victim of violence.
It is understood that an unsuccesful attempt was made to access the data on the hard drive shortly after the computer was…
Read more in my article on the Naked Security website.