The ICO has fined a historical society after a laptop containing sensitive personal data was stolen whilst a member of staff was working away from the office. The laptop, which wasn’t encrypted, contained the details of people who had donated artefacts to the society. An ICO investigation found the organisation had no policies or procedures around homeworking, encryption and mobile devices which resulted in a breach of data protection law.
Sally-Anne Poole, ICO group manager, said:
“Organisations are required by law to keep data secure and that includes when working away from the office.
“The personal information in this case was so sensitive we can’t give out details of the breach. The historical society knew of the potential consequences of losing the sensitive information and should have taken measures to secure the data.”
The ICO has given the historical society a £500 fine based on its financial circumstances but because of the serious nature of the breach, most organisations would expect to receive a much larger fine.