Repair Management Services of Blackburn, the trade association representing car repair companies, has lost a laptop containing the personal details of 37,000 people and information on 1,900 driving convictions. The laptop – stolen from a locked car – was password protected but not encrypted.
The trade body has made a written undertaking, promising the ICO that it will take measures to improve data security with encryption for laptops and other mobile devices by March 2010.
Jamie Cowper from PGP Corporation, has made the following comments: “As a trade organisation, Repair Management Services is a trusted body and this breach indicates a failure to fulfill even the most basic data protection responsibilities. Any organization that holds such sensitive information has a duty to those that it represents to defend this data – and Repair Management Services has now been left with the undesirable task of justifying how an unencrypted laptop was left vulnerable to theft in a car. It’s all very well to make promises to up the ante on data security by next year, but the fact remains that this should have been put in place a long time ago – it’s not like there haven’t been any previous warnings.”