Statement on Investigation into Theft of Personal Data on BOI Laptops
The Data Protection Commissioner wishes to confirm that his Office is investigating the circumstances surrounding the theft of a substantial amount of personal data on 4 Bank of Ireland laptops over the past year.
This matter was reported to the Commissioner's Office on Friday morning. On foot of that contact, a more detailed report has been sought from Bank of Ireland into the exact circumstances surrounding the loss of the personal data.
The investigation will focus on the justification for the personal data, including sensitive medical data in some cases, being placed on the laptops in the first place, the security arrangements in place and the exact circumstances which led to the delay in the reporting of this matter internally within the Bank of Ireland to the appropriate personnel for the taking of further action. Consideration will then be given as to what further action will be sought from Bank of Ireland to ensure that the obligations contained in the Data Protection Acts in this area are met. The Data Protection Commissioner and the Financial Regulator are cooperating on this matter and we will refer any relevant issues to the Financial Regulator.
On a broader level, this issue serves to highlight once again the absolute necessity for all organisations in the public and private sector to take their data protection responsibilities seriously. In particular, all organisations should be assessing immediately the necessity for storing personal data on laptops. If a need is found, appropriate security measures such as encryption should be put in place immediately.
» Permanent Link