Verity Trustees has had its wrist slapped by the Information Commissioner's Office (ICO) after a laptop was stolen containing data on 110,000 people.
The laptop was taken from the locked server room of Northgate Arinso, which supplies pension management software to Verity.
The laptop held names, addresses, salaries, national insurance numbers and dates of birth of 110,000 people, as well as 18,000 banking details.
The data wasn't supposed to be on the laptop, but had been downloaded for training - contrary to Northgate Arinso's normal policy of using anonymised data of 50 to 100 people.
Mick Gorrill, Assistant Information Commissioner at the ICO, said: "This is a stark reminder of how easy it can be to put so many people's details at risk. Failure to follow security policies and downloading such a vast amount of information has resulted in thousands of individuals' personal details being compromised."
The ICO has made Verity Trustees sign a formal undertaking to improve its data handling. It will be forced to encrypt any portable devices and make anyone processing data sign a written contract.
Gorrill added: "It is encouraging to see that the Trustees have taken remedial steps, including the engagement of a fraud protection service provider to protect the affected individuals. I am also satisfied that the Trustees will now take appropriate steps to ensure individuals' details are protected."
Read on to find out what to do in case of a data breach.
