Repair Management Services of Blackburn, a trade association representing car repair companies, has signed a formal undertaking with the Information Commissioner's Office promising to improve data security measures by March 2010. The ICO – the regulator in charge of enforcing data protection law in the UK - took action against RMS following the theft of an unencrypted laptop from a locked car. The laptop contained the personal details of 36,800 people and information on 1,900 driving convictions. The ICO found that, although the laptop was password protected, RMS had failed to protect the data using a minimum standard of encryption. As a result, the security measures used by RMS were insufficient to prevent the unauthorised or unlawful processing of the data in question. The ICO also took into account the fact that data relating to criminal convictions, if accessed, could potentially result in distress being caused to the individuals concerned. RMS must now take steps to encrypt all of its machines which carry personal data and to train its staff in its information policies and procedures to prevent a repeat of the incident in the future.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
