The Information Commissioners Office (ICO) has reported that a historical society has breached data protection laws when one of its work laptops were stolen.
An employee was using it away from the workplace and had set it down in an undisclosed location when a break-in occurred, and the laptop – among other things – was stolen. The laptop, purchased by the historical society, contained sensitive personal information of artefact donors.
The ICO did not further explain exactly what information this included.
Our Data Protection laws are governed by a set of principles to ensure companies and authorities do everything they can to make sure that, as a data controller, personal information is protected. They need to actively safeguard your information to prevent any third parties illegally accessing or misusing it.
In this case, the ICO reported that the historical society breached the 7th principle:
The ICO condemned the situation for a number of reasons:
The ICO’s report further emphasised past enforcement cases where a similar incident happened and that the historical society should have reasonably been aware that they ought to increase their security. The only security measure the society had was that the laptop was password protected.
For the historical society’s shortcomings in providing adequate security for their donors’ personal information, the ICO issued a fine of £500, with consideration of the nature of the organisation’s work.
For the victims who have had their personal information potentially exposed and compromised, there is an option to seek financial compensation for any harm or distress caused.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.