The Information Commissioner's Office (ICO) ruled today that Skipton Financial Services (SFS) breached the Data Protection Act after losing an unencrypted laptop containing personal information on 14,000 customers.
The laptop, which contained names, dates of birth, National Insurance numbers and investment amounts, was stolen from an SFS contractor.
The ICO stated that SFS should have had appropriate encryption measures in place to keep the data secure.
Mick Gorrill, assistant commissioner at the ICO, said: "It is not always possible to prevent the theft of mobile devices such as laptops, but it is possible to minimise the damage caused by such losses.
"Companies must introduce adequate security procedures and safeguards, for example password protection and encryption, to protect personal information before it is allowed to leave the premises on a laptop."
Gorrill added that organisations which process personal information must ensure that information is secure.
"If organisations fail to introduce safeguards to protect information they risk losing the trust and confidence of employees and customers," he said.
SFS has signed a legal document undertaking to ensure the security of personal data in the future.
Sensitive information held on laptop computers either by SFS or a contractor of SFS must be encrypted to provide effective protection against unauthorised access.
SFS has also undertaken to ensure that risk assessments are carried out where third parties are processing data on behalf of SFS.
Instapaper to 'go dark' in Europe until it can work out GDPR compliance
James Robbins of ArrowXL says that AI is no longer 'tomorrow's technology'
Staff told to beware of "unusual sounds" after an employee reported mystery symptoms
Sophisticated malware comprises code previously used to attack Ukraine