Reading:
ICO issues fine for historical society who had a laptop containing donor information stolen
Share:

ICO issues fine for historical society who had a laptop containing donor information stolen

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

The Information Commissioners Office (ICO) has reported that a historical society has breached data protection laws when one of its work laptops were stolen.

An employee was using it away from the workplace and had set it down in an undisclosed location when a break-in occurred, and the laptop – among other things – was stolen. The laptop, purchased by the historical society, contained sensitive personal information of artefact donors.

The ICO did not further explain exactly what information this included.

Our Data Protection laws are governed by a set of principles to ensure companies and authorities do everything they can to make sure that, as a data controller, personal information is protected. They need to actively safeguard your information to prevent any third parties illegally accessing or misusing it.

In this case, the ICO reported that the historical society breached the 7th principle:

“Appropriate technical or organisational measures shall be taken against unauthorised/ unlawful processing of personal data and against accidental loss of destruction of, or damage to personal data”.

The ICO condemned the situation for a number of reasons:

The laptop wasn’t encrypted, and because of the nature of the information the device held, it should have been encrypted. Encryption is a basic security measure that can be highly effective. Mobile devices used for work must comply with security protocols to make sure they are secure for use and will remain protected in and out of the office.
The historical society didn’t have any policies regarding people working away from the work place or using devices away from the work place. The environment can be vastly different when working way from home and security protocols must be put in place to make sure that the employee can work to a standard that ensures data protection laws are always complied with.
There was no provision of storage for mobile devices. Similar to above, work mobile devices should be kept safe in the work place when not in use, or whenever possible. The ICO recognises that mobile devices have a high risk of theft, and that the historical society ought to be aware of this too. Following this, there was an unmet expectation that the society should have taken appropriate security measures to prevent the theft, as well as having further safeguards in place for the data should a theft occur.

The ICO’s report further emphasised past enforcement cases where a similar incident happened and that the historical society should have reasonably been aware that they ought to increase their security. The only security measure the society had was that the laptop was password protected.

For the historical society’s shortcomings in providing adequate security for their donors’ personal information, the ICO issued a fine of £500, with consideration of the nature of the organisation’s work.

For the victims who have had their personal information potentially exposed and compromised, there is an option to seek financial compensation for any harm or distress caused.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon