The Royal Veterinary College breached the Data Protection Act when a member of staff lost a camera with a memory card containing the passport images of six job applicants.
The Royal Veterinary College (RVC) breached the Data Protection Act when a member of staff lost a camera that included a memory card containing the passport images of six job applicants.
It was also found that when the incident occurred in December 2012, the college had no guidance in place explaining how personal information stored for work should be looked after on personal devices.
Stephen Eckersley is head of enforcement at the Information Commissioner’s Office (ICO). He said: “Organisations must be aware of how people are now storing and using personal information for work and the Royal Veterinary College failed to do this.
“It is clear more and more people are using a personal device, particularly their mobile phones and tablets, for work purposes so it’s crucial employers are providing guidance and training to staff that covers this use.”
In response, the RVC has released the following statement: “The Royal Veterinary College takes its information security and compliance obligations extremely seriously.
“We are disappointed the guidelines and processes we had in place proved inadequate in this instance. We had already taken action to strengthen our information security provisions before the ICO completed its investigation, but are nevertheless grateful to the ICO for the further guidance it has provided.
“Among other actions, we shall be implementing and monitoring a staff training programme covering data protection and FOI (Freedom of information) issues as well as encrypting mobile devices used by staff to store or move personal data. We are confident this will help prevent a similar incident occurring in the future.”