UPS, the parcel service and global transportation and logistics business, has taken remedial action, including the encryption of all its UK laptops and smartphone devices, following a breach of the Data Protection Act last year. The ICO reports.
UPS has also signed an Undertaking to assure the Information Commissioner’s Office (ICO) that personal information will be kept securely in future.
An unencrypted password-protected laptop was stolen from one of UPS’s employees while on business abroad in October 2008. The laptop, which was not recovered, contained the payroll data of about 9,150 UK based UPS employees. The
information included personal details, such as the employees’ names, addresses, dates of birth, National Insurance numbers, as well as salary and bank details. All UK employees were notified by UPS of the theft and precautionary measures were
organised for them.
Mick Gorrill, Assistant Information Commissioner, said ‘Password protected laptops are not secure. I urge all organisations to restrict the amount of personal information that is taken off secure sites. I am pleased that UPS has encrypted its laptops and smartphones, and I urge other organisations to follow suit.”
UPS is updating its security policies and is implementing a number of other changes to protect personal information in the future.
A copy of the Undertaking can be downloaded from –
http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx.