Brunel University London agreed to sign an undertaking with the Information Commissioner’s Office (ICO) after an incident involving the loss of 10 boxes with seven personnel files and 61 Transfer of Undertakings (Protection of Employment) [TUPE] files.
According to the undertaking, the incident occurred following an office renovation to remove asbestos. Brunel University London staff members working in the Human Resources department had set aside 17 boxes of files to be transferred to their Archive and Records Centre. The boxes were locked in a room during the renovation, but on return to the office, staff members found that ten boxes were missing. The ICO learned of the loss on February 3rd.
Although the university had policies and procedures in place, the ICO found that less than 10% of staff had completed data protection training.
This is the third recent undertaking that was requested because investigation of a breach uncovered too-infrequent or insufficient staff training.