Employers and home working

As traditional modes of working have evolved with technological advances, home working has become an ever more popular working environment. Yet employers need to be vigilant. They are required to ensure that they have appropriate technical and organisational measures in place against accidental loss of personal information. No measures can be 100% secure. What is required is a risk assessment exercise balancing the state of technological development and the cost of implementing appropriate levels of security against the harm that would be caused to those whose personal information has been lost and the nature of that information.

A nursing home has been fined £15,000 when a member of staff took home an unencrypted work laptop containing sensitive personal information. The laptop was stolen.

The ICO found that the nursing home did not have any policies in place regarding home working and security and the need for encryption in such circumstances. Its technical security was wholly inadequate.

The ICO said that the fine would have been much larger for bigger businesses committing a similar serious breach.