The Information Commissioner’s Office (ICO) is reminding charities that personal information must be handled securely after finding the Alzheimer’s Society in breach of the Data Protection Act. The Alzheimer’s Society reported three separate breaches involving personal information to the ICO during 2009.
Several unencrypted laptops were stolen during a burglary at their office in Cardiff last August. The laptops were neither physically secured by cable locks nor locked away securely. One of the laptops contained personal details including names, addresses, national insurance numbers and salary details for about 1,000 staff across England, Wales and Northern Ireland.
The Alzheimer’s Society has now signed a formal Undertaking promising to improve security. The Undertaking also requires staff to be made aware of the Society’s policies for the storage, use and disposal of personal information. Staff must receive appropriate training on how to follow these policies.
Sally-anne Poole, Head of Investigations at the ICO, said: “A thousand staff members’ details were stored on unencrypted laptops. This is unacceptable; portable devices must be encrypted if they are used to store personal information. It is vital that all organisations ensure personal information is handled securely and that appropriate staff have adequate training in this area. We are aware that the laptops were due to be encrypted and I am pleased that the Alzheimer’s Society has taken action to guard against security breaches of this nature in future.”
A copy of the Undertaking can be downloaded from http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx.
Source: Information Commissioner’s Office