Skipton Financial lose unencrypted laptop

Skipton Financial Services (SFS) has been found responsible for losing an unencrypted laptop containing the personal details of 14,000 customers, breaching the Data Protection Act.

The Information Commissioner's Office (ICO) said that the SFS should have had proper encryption measures. The laptop, which was stolen from an SFS contactor, contained names, birth dates, national insurance numbers and investment amounts.

"It is not always possible to prevent the theft of mobile devices such as laptops, but it is possible to minimise the damage caused by such losses," said Mick Gorill, assistant commissioner at the ICO.

"Companies must introduce adequate security procedures and safeguards, for example password protection and encryption, to protect personal information before it is allowed to leave the premises on a laptop," he added.

Following the incident, the ICO required SFS to sign a legal document forcing it to ensure the security of personal data in the future. This included encryption and the ability for the ICO to carry out risk assessments.

"The ICO has issued clear guidance to help employers understand their obligations under the Data Protection Act," said Gorrill.

"Organisations which process personal information must ensure that information is secure - this is an important principle of the Act. If organisations fail to introduce safeguards to protect information they risk losing the trust and confidence of both employees and customers."

The ICO is an independent body with specific responsibilities concerning the Data Protection Act. Last year Prime Minister Gordon Brown gave the ICO increased powers to conduct checks of government departments, but the Information Commissioner has called for these powers to be extended to other public bodies and the private sector.

The punishment contrasts with the 980,000 fine that the Financial Services Authority (FSA) made Nationwide pay after a laptop containing an employee's details was stolen from their home.