26 September 2013

A London sole trader, Jala Transport Ltd, has incurred a £5000 fine. The loans company that is based in Wembley lost an unencrypted hard drive, holding the financial details and personal details (names, birth dates, addresses, identification documents) of its 250 customers making them susceptible to the danger of identity theft.

Although the hard drive was password protected, the company had failed to encrypt it.

Due to the limited financial resources of the company the initial fine of £70 000 was reduced to £5000.

The ICO have stated that they expect all information that could cause someone damage or distress, to be encrypted.

ICO’s Head of enforcement, Stephen Eckersley, said

“We have continued to warn organisations of all sizes that they must encrypt any personal data stored on portable devices, where the loss of the information could cause clear damage and distress to the customers affected.

“While the circumstances of this case are unfortunate, if the hard drive had been encrypted the business owner would not have left all of their customers open to the threat of identity theft and would not be facing a £5,000 penalty following a serious breach of the Data Protection Act.

“The penalty will have a real impact on this business and should act as a warning to all businesses owners that they must take adequate steps to keep customers’ information secure.”