M&S laptop theft
25 January 2008
The ICO has issued an enforcement notice against Marks & Spencer in relation to the theft of an unencrypted laptop containing the personal pension details of 26,000 M&S employees. The laptop was stolen during a burglary at the home of a director of an independent pension scheme contractor retained by M&S.
The ICO found that M&S was in breach of the Data Protection Act, which requires appropriate measures to be taken to prevent unauthorised or unlawful processing of personal data and accidental loss or destruction of personal data. M&S is required to ensure that all laptop hard-drives are fully encrypted by April 2008. Failure to comply would be a criminal offence and would render M&S liable to further action by the ICO.