Breach of DPA
20 January 2008
The ICO has found Skipton Financial Services Limited (SFS) in breach of the Data Protection Act following the theft of an unencrypted laptop containing the personal information of 14,000 SFS customers from a company providing software consultancy services to SFS.
The Act requires appropriate measures to be taken to prevent accidental loss or destruction of personal data. SFS has signed an undertaking that it will fully encrypt personal data held on laptops by SFS or its contractors. It will also carry out risk assessments before engaging third parties to process data on its behalf. This is more specific on the processing of data by third parties than the enforcement notice issued to Marks & Spencer for a similar breach.