A sole trader has been fined £5,000 by the Information Commissioner’s Office (ICO) for failing to encrypt sensitive data it held on its customers.
The company, Jala Transport Ltd, provides loans and is based in Wembley, London. A hard drive containing data on around 250 customers was stolen when the owner's car boot was opened while it was in a traffic jam. Cash to the value of £3,600 was also taken.
The data included names, dates of birth, addresses, the identity documents used to support loan applications and details of the payments made. Although the device was password protected, it was not encrypted.
The ICO said this failure to encrypt data was a vital oversight and so it had no choice but to levy the fine, as head of enforcement, Stephen Eckersley, explained.
“If the hard drive had been encrypted the business owner would not have left all of their customers open to the threat of identity theft and would not be facing a £5,000 penalty following a serious breach of the Data Protection Act,” he said.
“The penalty will have a real impact on this business and should act as a warning to all businesses owners that they must take adequate steps to keep customers’ information secure.”
The ICO said the fine would have been far higher, at £70,000, but owing to the limited financial means of the company, as a sole-traded firm, it had no choice but to reduce it. The fact the breach was reported voluntarily was also noted by the ICO.
Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal.