Wave Systems Corp. (fka WAVXQ)

[dude_danny]

Stolen M&S laptop contains 26,000 pension details
ICO demands overhaul of data security…

http://www.silicon.com/retailandleisure/0,3800011842,39169821,00.htm
By Nick Heath

Published: Friday 25 January 2008


Retailer Marks & Spencer (M&S) could face prosecution if it does not comply within two months to the overhaul of its data security after losing 26,000 employees' pension details.



The Information Commissioner's Office (ICO) has threatened the retail giant with possible prosecution after the unencrypted data on a laptop was stolen from a contractor.

Names, addresses, national insurance numbers and information about pension plans - including wages but not bank account details - of the UK workers were on the machine.

M&S now has until 1 April to ensure all laptop hard drives are fully encrypted.

The ICO served the enforcement notice on 23 January after M&S would not agree to the ICO publicising the changes it demanded in data security at the company.

A spokesman for the ICO said: "There is no evidence that any employees suffered ID fraud but there is always that risk with this type of information."

Mick Gorrill, assistant commissioner at the ICO, added in a statement: "It is essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information, for example, password protection and encryption.

"If organisations fail to introduce safeguards to protect information they risk losing the trust and confidence of both employees and customers."

The data was stolen from the home of the MD of a company that was preparing pension change statements for M&S.

The ICO found that M&S breached the Data Protection Act by not taking appropriate measures to ensure the security of its data by making sure the laptop data was encrypted.

The enforcement notice says the Information Commissioner Richard Thomas takes the view that damage or distress is likely as a result of personal data getting into the hands of unauthorised persons.

A spokeswoman for M&S said: "We have been working with the ICO since we knew what had happened. We have been encrypting all hard drives since October last year."

She said the firm had informed all employees by letter the moment it found out about the theft, set up a helpline for affected workers and provided them with unlimited credit checks with Experian.

Last year Gordon Brown announced that the ICO would be given increased powers to conduct spot checks of government departments.

The Information Commissioner has called for these powers to be extended to cover all public bodies and private sector organisations.