The Information Commissioner is obviously getting a lot of practice at drafting undertakings and enforcement notices concerning loss of data. One of the latest is the undertaking made by Skipton Financial Services Limited.
It’s another loss of laptop case – usual story, laptop containing thousands of financial records of Skipton customers, with the other typical element that the laptop belonged to Skipton’s data processor. (See post on Marks & Spencers below).
Anyway, the point for this post is that after this undertaking, which would probably have resulted in an enforcement notice if Skipton had not co-operated, is that to believe that the use of unencrypted laptops would any longer be compliant with the Seventh Data Protection Principle.