The device was stolen from an employee of a unnamed third-party firm that Panasonic had hired to help it put on an event at a hotel. The laptop data included names, addresses, contact details, dates of birth, passport details and emergency contact details.
The ICO discovered that the passport information was only needed for overseas guests staying at the hotel, but that passport data on all guests was collected as it was felt it might be useful in an emergency.
The laptop was password protected, but did not have encryption or physical security. The ICO said that although Panasonic’s own data-protection policies were comprehensive, it had never communicated these to the third party.
The firm's UK managing director Andrew Denham has now signed an undertaking to improve its data protection policies. V3 contacted Panasonic for comment on the case but had received no reply at the time of publication. The ICO had also not responded for a comment on the case.
The incident is the second the ICO has ruled on this week, after it criticised the Royal Veterinary College (RVC) for failing to implement bring your own device policies after sensitive data, which was stored on a staff-owned device, was lost.
Unencrypted devices are frequently the cause of data loss incidents. Despite numerous incidents and warnings from the ICO, firms are still failing to adequetely protect their data, with the ICO again urging organisations to understand their security obligations for data.
Nice and very helpful information i have got from your post. Even your whole blog is full of interesting information which is the great sign of a great blogger.
ReplyDeletePanasonic - Refurbished - 13" Toughbook Notebook - 4 GB Memory - 160 GB Hard Drive
Panasonic - 10.1" Toughbook Notebook - 4 GB Memory - 500 GB Hard Drive