
ICO issues fine for historical society who had a laptop containing donor information stolen


The Information Commissioner's Office (ICO) has reported that a historical society breached data protection laws when one of its work laptops was stolen.

An employee was using it away from the workplace and had set it down in an undisclosed location when a break-in occurred, and the laptop – among other things – was stolen. The laptop, purchased by the historical society, contained sensitive personal information of artefact donors.

The ICO did not further explain exactly what information this included.

Our data protection laws are governed by a set of principles intended to ensure that companies and authorities, as data controllers, do everything they can to protect personal information. They need to actively safeguard your information to prevent any third parties from illegally accessing or misusing it.

In this case, the ICO reported that the historical society breached the 7th principle:

“Appropriate technical or organisational measures shall be taken against unauthorised/unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data”.

The ICO condemned the situation for a number of reasons:

The laptop wasn’t encrypted, and because of the nature of the information the device held, it should have been. Encryption is a basic security measure that can be highly effective. Mobile devices used for work must comply with security protocols so that they are secure for use and remain protected in and out of the office.
The historical society didn’t have any policies regarding people working away from the workplace or using devices away from the workplace. The environment can be vastly different when working away from the workplace, and security protocols must be put in place so that the employee can work to a standard that ensures data protection laws are always complied with.
There was no provision of storage for mobile devices. Similar to the above, work mobile devices should be kept safe in the workplace when not in use, or whenever possible. The ICO recognises that mobile devices have a high risk of theft, and that the historical society ought to be aware of this too. Following this, there was an unmet expectation that the society should have taken appropriate security measures to prevent the theft, as well as having further safeguards in place for the data should a theft occur.

The ICO’s report further pointed to past enforcement cases involving similar incidents, and emphasised that the historical society should reasonably have been aware that it ought to increase its security. The only security measure the society had was that the laptop was password protected.

For the historical society’s shortcomings in providing adequate security for their donors’ personal information, the ICO issued a fine of £500, with consideration of the nature of the organisation’s work.

For the victims who have had their personal information potentially exposed and compromised, there is an option to seek financial compensation for any harm or distress caused.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.


First published by Author on January 16, 2017