From the ICO press release:
The Information Commissioner’s Office (ICO) has found Amicus Legal Ltd in breach of the Data Protection Act after reporting a laptop computer containing personal information relating to 100,000 customers was stolen. The laptop, privately owned by a contracted consultant, was not encrypted.
According to the Undertaking:
The laptop computer, which was privately owned by a contracted consultant, was unencrypted. It is understood that the computer was left unattended in a locked hotel room and was stolen by a member of the hotel staff.
4. The data controller did not ensure sufficient security measures were in place to prevent the transfer of the data in question on to a privately owned and unencrypted portable computer. The Commissioner has taken into account the fact that a proportion of the personal data in question related to legal advice and could therefore potentially result in significant distress being caused to the individuals concerned.