Marks & Spencer in the clear over loss of staff data
The information commissioner has dropped an enforcement notice against Marks & Spencer after the retailer encrypted every laptop across the organisation following a major security breach.
The Information Commissioner's Office (ICO) issued the enforcement notice in January after it found M&S in breach of the Data Protection Act, following the theft of an unecrypted laptop containing the personal information of 26,000 M&S employees.
The laptop, which contained details on employees' names, salary details, addresses, national insurance numbers, dates of birth and phone numbers, was stolen from a printing company.
The ICO cancelled the enforcement notice after Marks & Spencer confirmed it had completed its encryption programme in July.
Darrell Stein, IT director at M&S, told the ICO in a letter on 8 July that all 4,352 laptops in the organisation across 11 countries had been encrypted using software from Utimaco.
Read the whole article here.