Skipton Financial Services breaches Data Protection Act

Unencrypted laptop contained names and financial details of 14,000 customers

ICO guidelines say laptops must be encrypted

Skipton Financial Services has been found in breach of the Data Protection Act for not encrypting the information of 14,000 customers on a laptop that was stolen.

The laptop - which contained names, dates of birth, national insurance numbers and investment amounts - was pinched from a contractor in December last year.

The company did not do everything in its power to protect its customers' information, according to Mick Gorrill, assistant commissioner at the information commissioner's office (ICO).

"It is not always possible to prevent the theft of mobile devices such as laptops, but it is possible to minimise the damage caused by such losses," he said.

"Companies must introduce adequate security procedures and safeguards."

Skipton Financial Services has signed a legal document saying it will ensure personal information on laptops is encrypted in the future.

The government is currently reviewing the powers of the ICO with a view to giving it greater punitive powers.