By Daniel Hunter
The Information Commissioner’s Office (ICO) has warned small businesses that they must make sure they have adequate measures in place to keep customers’ details secure, after a sole trader was fined £5,000.
Jala Transport Ltd, a Wembley-based loans company, received the penalty after the loss of a hard drive containing financial details relating to all of the sole proprietor’s approximately 250 customers.
The hard drive was stolen from the business owner’s car while the car was stationary at a set of traffic lights in London on 3 August 2012. The external hard drive was in a case with some documents and £3,600 in cash. The hard drive was password protected, but crucially not encrypted, and included the customers’ names, dates of birth and addresses, the identity documents used to support the loan applications and details of the payments made.
The ICO expects all information to be encrypted where the loss of the data could lead to those affected suffering damage and distress. The initial incident would have resulted in a penalty of £70,000 being imposed, but the limited financial resources of the company resulted in the penalty being lowered to £5,000. The ICO also considered that the data breach was voluntarily reported.
ICO Head of Enforcement, Stephen Eckersley, said: “We have continued to warn organisations of all sizes that they must encrypt any personal data stored on portable devices, where the loss of the information could cause clear damage and distress to the customers affected.
“While the circumstances of this case are unfortunate, if the hard drive had been encrypted the business owner would not have left all of their customers open to the threat of identity theft and would not be facing a £5,000 penalty following a serious breach of the Data Protection Act.
“The penalty will have a real impact on this business and should act as a warning to all business owners that they must take adequate steps to keep customers’ information secure.”