In the UK it’s beginning to reach the stage where almost everyone’s personal information has been lost at least once. In fact, if yours hasn’t, you could almost feel as if you don’t count. This time, at least, it’s not the government at fault. Giant retailer Marks & Spencer admitted that the personal details of 26,000 employees were lost when a laptop was stolen last April. The details were not encrypted, ZDNet reports. The company has been given until April 1 by the Office of the Information Commissioner (ICO) to have all its laptop drives encrypted. If it doesn’t comply, it could face prosecution. The ICO has already been forced to issue an enforcement notice against M&S when the company refused to allow the body to publish the changes it was demanding. In a statement, Mick Gorrill, assistant commissioner at the ICO, said, "It is essential that, before a company allows personal information to leave its premises on a laptop, there are adequate security procedures in place to protect personal information — for example, password protection and encryption. If organisations fail to introduce safeguards to protect information, they risk losing the trust and confidence of both employees and customers." There has been no evidence that ID fraud resulted from the loss. The laptop was stolen in a burglary at the home of the director of a company who was making pension-change statements for M&S. A spokesperson for Marks & Spencer said that the company has been working with the Information Commissioner’s office, and has been encrypting all hard drives since October. It informed all employees affected by the loss, has set up a helpline for them, and offered unlimited credit checks.
