UK: Royal London Mutual Insurance Society loses eight laptops and the personal details of 2, 135 people

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.scmagazineuk.com/royal-london-mutual-insurance-society-loses-eight-laptops-and-the-personal-details-of-2135-people/article/166024/

The Information Commissioner's Office (ICO) has reported that the
Royal London Mutual Insurance Society lost eight laptops and the
personal details of 2,135 people.

It has declared that the insurance provider breached the Data
Protection Act when the laptops were stolen from the company's
Edinburgh offices. Two of the laptops contained the information, and
the individuals affected were employees of various firms that had
sought pension scheme illustrations.

The ICO reported that the two laptops were unencrypted, but were
password protected. An internal report established that the company
was uncertain about the precise location of the laptops at any given
time and that physical security measures were inadequate.

The report also revealed that managers were not aware that personal
information was stored on any of the laptops, which meant no
additional precautions to control and secure the data had been taken.

Michael Yardley, group chief executive officer of the Royal London
Mutual Insurance Society, has now signed an official undertaking to
ensure that portable and mobile devices including laptops are
encrypted.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php