The Information Commissioner’s Office (ICO) has found Jubilee Managing Agency Ltd in breach of the Data Protection Act after the insurance company reported the loss of an unencrypted disk containing the personal details of around 2100 individual UK policyholders.
Jubilee Managing Agency has signed a formal Undertaking outlining that it will take reasonable measures to keep personal information secure in future. Some of the data on the disk referred to policies, in some cases over 10 years old, that had expired or been cancelled, as well as information on policyholders who had since died or moved address.
A full investigation was carried out by the data controller. Subsequently an independent company reviewed data security arrangements at the company and found a lack of detailed data security procedures and policies, and insufficient staff training.