Historical Society fined for ‘serious’ data breach
A historical society has been fined after after a laptop containing sensitive personal data was stolen while a member of staff was working away from the office.
The historical society was fined £500 by the Information Commissioner’s Office (ICO), the independent authority set up to promote openness of public bodies and data privacy for individuals. The ICO said the amount of fine reflected the financial circumstances of the historical society. It warned that most organisations would receive a much larger fine for a similarly serious breach.
The stolen laptop contained the details of people who had donated artefacts to the society. The data was not encrypted.
An ICO investigation found that the organisation had no policies or procedures around home-working, encryption and mobile devices – which resulted in a breach of data protection law. The case highlights the importance of having developing detailed policies on agile and home-working.
ICO group manager Sally-Anne Poole, said: “Organisations are required by law to keep data secure and that includes when working away from the office. “The personal information in this case was so sensitive we can’t give out details of the breach. The historical society knew of the potential consequences of losing the sensitive information and should have taken measures to secure the data.”
The ICO website has advice for charities on complying with legal requirements to protect information.