View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 6, 2011

Laptop encryption is basic security measure: ICO

Leaving laptops containing customers' personal details is a breach of Data Protection Act, Information watchdog says 

By CBR Staff Writer

Two organisations — the Association of School and College Leaders (ASCL) and Holly Park School in Barnet — breached the Data Protection Act by failing to encrypt personal information on laptops that were later stolen, the Information Commissioner’s Office (ICO) said.

The wathdog said that the ASCL breached the Data Protection Act in May 2011 when a laptop – containing sensitive personal data – was stolen from an employee’s home in Yorkshire.

At the time of the theft the laptop included unencrypted personal information relating to approximately 100 individuals, including details of their membership of the union and in some cases, details of their physical or mental health, said the ICO.

The ICO’s enquiries found that, while the laptop had encryption software installed on it, the decision on whether to encrypt individual documents was left to the employee.

The ICO said that Holly Park School in Barnet breached the Act when an unencrypted laptop was stolen from an unlocked office at the school on 1 May. The device contained details of pupils’ names, addresses, exam marks and some limited information relating to their health. After investigating the breach the ICO also discovered that the school had no data protection policy in place at the time of the theft.

The ICO said both organisations have now taken action to make sure the personal information they handle is protected. This includes ensuring that portable devices used to store personal data – including laptops – are appropriately encrypted. Both organisations will also introduce adequate checks to make sure their employees are following policies and procedures governing the secure use of personal information.

Acting Head of Enforcement Sally Anne Poole said all personal information – the loss of which is liable to cause individuals damage and distress – must be encrypted. "This is one of the most basic security measures and is not expensive to put in place – yet we continue to see incidents being reported to us. This type of breach is inexcusable and is putting people’s personal information at risk unnecessarily," added Poole.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

"We are pleased that the Association of School and College Leaders and Holly Park School have taken action to make sure the personal information they collect remains secure."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU