M&S admits to staff data losses

A laptop belonging to Marks and Spencer was stolen in May 2007 it has been revealed

Marks and Spencer has announced that a laptop containing 26,000 staff member details was stolen last year, prompting the UK data protection watchdog, the Information Commissioner's Office (ICO), to take action against the firm.

“We have issued Marks and Spencer with an Enforcement Notice. They have to encrypt all of their laptops containing personal data by April 2008. If they proceed not to do so, they will be prosecuted,” said an ICO spokeswoman.

The spokewoman went on to say, “We want companies to take data protection seriously, and it is good to see that companies are more frequently stepping forward to make sure they are securely protecting their data,”

“In regards to the Marks and Spencer case, it has brought light to the issue of data protection.”

The ICO has once again called for more enforcement and investigation powers, following this, and other recent incidents. Other recent data losses include the loss of a MoD Royal Navy laptop, containing the personal details of 600,000 people. It was then admitted that two other laptops had also gone missing in December 2000 and October 2006.

The HMRC also lost 25m child benefit-recipients data as well as the personal details of 6,500 pensioners in Cardiff.

The Ministry of Justice has also had a recent data breach, losing four CDs containing the personal information of alleged victims and witnesses.

However, according to experts, some firms are wary of putting too much control on their data, with many admitting that they are wary of too much encryption.

Geoffrey Finlay, chief executive at nCipher, said in a statement, “Companies fear encryption may open Pandora’s box.” But warned firms that the alternative is much worse. However, he added, “With a well planned deployment, supported by strong key management and access controls it is not a difficult barrier to overcome.”