UK - The Information Commissioner's Office has ruled Verity Trustees, the independent trustees for The Pensions Trust, breached the Data Protection Act when unencrypted personal data of 110,000 scheme members was stolen from its software provider.
The laptop, which was stolen from NorthgateArinso's offices in May, contained in the names, addresses, dates of birth, salaries and national insurance numbers of around 110,000 people - as well as the bank details of around 18,000 pensioners. (Global Pensions; May 29, 2009)
NorthgateArinso is the sole supplier of the trustees' computerised pension administration systems.
The ICO said the data was downloaded for training purposes in breach of the company's policy of only using an anonymous data sample for 50 to 100 pension scheme members.
Verity Trustees has now signed a formal undertaking to ensure personal data is processed in line with the Data Protection Act. The firm will also make sure portable and mobile devices used to store and transmit personal data are encrypted.
The ICO said it will also have adequate written contracts, including data security obligations, put in place with data processors.
ICO assistant information commissioner Mick Gorrill said: "This is a stark reminder of how easy it can be to put so many people's details at risk."
He said it is "encouraging" to see the trustees have taken remedial steps, including the engagement of a fraud protection service provider to protect the affected individuals.
The ICO has also produced the Guide to Data Protection, providing practical advice about the Data Protection Act. It said the guide will help organisations safeguard personal data and comply with the law.
It said sometimes organisations misinterpret the Act, or hide behind it, while conceding misunderstandings do occur.
Information Commissioner Christopher Graham said: "The Data Protection Act provides us all with important privacy rights and the vast majority of businesses and organisations understand their legal obligations to protect our personal details."
Yet he said there are still too many organisations "playing fast and loose" with personal data.
He added: "Security breaches, inaccurate records and instances of data being held for too long are common. This new guide will help organisations comply with the law and demystify data protection."
PwC, KPMG, EY and Deloitte must break up their consultancy and audit businesses into distinct firms to provide greater focus on the "most challenging and objective audits", the competition watchdog has said.
The Department for Work and Pensions (DWP) has released its first batch of guidance setting out how the guaranteed minimum pension (GMP) conversion legislation may be used to resolve unequal payments.
This week's top stories include the government spending £800,000 on a Gogglebox advert and MPs writing to The Pensions Regulator about its engagement with the Railways Pension Scheme.