Businesses warned on data protection

data, Computer World writes.

In the first incident from earlier this year, an employee of the Association of School and College Leaders (ASCL) had a laptop containing details of 100 union members stolen during a burglary; while in the second, a laptop containing pupil data was lost from Holly Park School in Barnet.

According to Out-Law.com, under the Data Protection Act (DPA), organisations must take “appropriate technical and organisational measures ... against unauthorised or unlawful processing of personal data, and against accidental loss, or destruction of, or damage to, personal data”.

The DPA also defines 'sensitive personal data' as including data relating to an individual's “physical or mental health or condition”. Because information about such matters could be used in a discriminatory way, and is likely to be of a private nature, it must be treated with greater care than other personal data, the ICO has said in guidance on sensitive personal data.

“The ICO's guidance is clear,” Fresh Business Thinking quotes Sally Anne Poole, acting head of enforcement at the ICO, as saying.

“All personal information - the loss of which is liable to cause individuals damage and distress - must be encrypted. This is one of the most basic security measures, and is not expensive to put in place - yet we continue to see incidents being reported to us. This type of breach is inexcusable, and is putting people's personal information at risk unnecessarily.”