Blackburn-based Repair Management Services Ltd (formally MVRA), a trade body that provides advice to businesses involved in motor vehicle repair, has taken remedial steps to improve data security following the theft of an unencrypted laptop containing the personal information of approximately 36,800 individuals.
The laptop, which also held details of 1,900 motoring convictions, was stolen from a secure vehicle in a public car park. The laptop was password protected, but unencrypted. It is a requirement under the Data Protection Act for all organizations, in both the public and private sector, to ensure personal information entrusted to them is secure.
The company has signed an Undertaking to ensure mobile devices, including laptops and other portable media used to store and transmit personal information, are encrypted. Staff at the company will also receive training to make sure they are aware of the company’s policy on the storage and use of personal information. Repair Management Services Ltd has also agreed to ensure other security measures the company deems necessary are implemented to protect data from unauthorized and unlawful processing, accidental loss, destruction or damage.
Sally-anne Poole, Head of Enforcement & Investigations at the ICO, said: “Personal information is valuable. In this case, it also involved the details of criminal convictions which, if accessed, could potentially result in distress being caused to the individuals concerned. I welcome the steps being taken by Repair Management Services Ltd and urge all organizations to implement the appropriate safeguards and training to prevent personal information falling into the wrong hands.”