The Information Commissioner’s Office (ICO) has found Northern Ireland’s Department of Finance and Personnel in breach of the Data Protection Act after approximately 37,000 people’s personal details were stolen. Stephen Peover, the Permanent Secretary at the Department of Finance and Personnel, has signed a formal Undertaking to improve data security.
The ICO, the UK’s privacy watchdog, understands that some of the 37,000 records contained sensitive personal information. The details included payroll, employment and health data, although not all records contained these categories of information. Approximately 900 records contained bank details. The Department of Finance and Personnel informed the ICO that 12 of its laptops had been stolen and that two of these contained personal information. The laptops were secured to desks or stored in locked cabinets.
Mick Gorrill, Assistant Information Commissioner at the ICO, said: “This was a major data security breach involving many thousands of people’s personal information. Storing large volumes of personal information on portable devices is unnecessarily risky. It is vital that all organisations ensure their staff handle personal information securely. I am pleased that the Department is committed to taking action to guard against security breaches of this nature in future.”
Source: Information Commissioner’s Office