The ICO has fined the Royal & Alliance Insurance Company £150,000 for losing the personal information of nearly 60,000 customers.
59,592 customer names, addresses and bank account details, including account numbers and sort codes, were stolen from RSA's offices in West Sussex by a member of staff or a contractor. The data was held on a hard drive and was not encrypted.
The ICO is regularly issuing significant fines to companies that breach the Data Protection Act and publishes its findings.
The case illustrates the need for physical security of IT devices as well as electronic forms of security, the importance of internal security controls over employees and contractors, and the need to encrypt data held on portable devices.