The Information Commissioner’s Office (ICO) has issued advice on using encryption as a means of keeping personal data secure. This follows news that a sole trader was fined £5,000 after the loss of a hard drive containing financial details relating to all of the sole trader’s customers. Although the hard drive was password protected, it was not encrypted. It held each customer’s name, date of birth and address, the identity documents used to support the loan application and details of the payments made.
The ICO makes clear that it expects all data to be encrypted where the loss of the information could lead to those affected suffering damage and distress. The initial incident would have resulted in a penalty of £70,000 being imposed, but the penalty was significantly reduced because of the limited financial resources of the company and because the ICO considered that the incident had been voluntarily self-reported.
The ICO Head of Enforcement has commented that the penalty should act as a warning to all business owners to keep customers’ information secure. The ICO’s press release also includes a link to a blog explaining the importance of encryption.
A copy of the press release can be found here.