Verity Trustees has had its wrist slapped by the Information Commissioner's Office (ICO) after a laptop was stolen containing data on 110,000 people.
The laptop was taken from the locked server room of Northgate Arinso, which supplies pension management software to Verity.
The laptop held names, addresses, salaries, national insurance numbers and dates of birth of 110,000 people, as well as 18,000 banking details.
The data wasn't supposed to be on the laptop, but had been downloaded for training - contrary to Northgate Arinso's normal policy of using anonymised data of 50 to 100 people.
Mick Gorrill, Assistant Information Commissioner at the ICO, said: "This is a stark reminder of how easy it can be to put so many people's details at risk. Failure to follow security policies and downloading such a vast amount of information has resulted in thousands of individuals' personal details being compromised."
The ICO has made Verity Trustees sign a formal undertaking to improve its data handling. It will be forced to encrypt any portable devices and make anyone processing data sign a written contract.
Gorrill added: "It is encouraging to see that the Trustees have taken remedial steps, including the engagement of a fraud protection service provider to protect the affected individuals. I am also satisfied that the Trustees will now take appropriate steps to ensure individuals' details are protected."
Read on to find out what to do in case of a data breach.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
New Zealand privacy commissioner tipped to become next ICO headNews John Edwards is said to be an 'anti-Facebook' regulator who would fit well in the UK's plans to clamp down on big tech
-
What is a freedom of information (FOI) request?In-depth We look at the mechanism citizens can use to hold public bodies to account
-
ICO hints at Facebook hypocrisy over data protection goalsNews Elizabeth Denham asks Facebook to drop appeal after CEO's call for greater internet regulation
-
ICO to investigate Google over GDPR violationsNews UK Watchdog to liaise with other European regulators over 'forced consent' push by the tech giant
-
ICO myth-busts on the flow of data post BrexitNews The Information Commissioner explains how data will move between the UK and EU in a no-deal scenario
-
Leave.EU faces big fine over data law breachesNews Information commissioner reveals Leave.EU was fined a total of £75,000 for “serious breaches”
-
ICO website knocked offline for more than 24 hoursNews The outage was caused by an “unprecedented electrical surge” that damaged its host’s circuits
-
Elizabeth Denham appointed ICO bossNews Denham will be tasked with helping the UK leave the EU without any knock-on effects on privacy
