Safe and Secure Insurance Services Limited in the U.K. apparently wasn’t that safe and secure. The Information Commissioner’s Office had the firm sign an undertaking after a hard drive containing their clients’ data was purchased over the Internet. The documents on the drive mainly consisted of insurance quotes and application forms dating from 2009 – 2010. In addition to the personal information included in the application forms, a small number of the forms also featured financial details.
The ICO became aware of the breach in early 2011, and S & S had no idea how this had happened. Significantly, they had no protocols in place at the time that dealt with the secure disposal of drives. Now they do.