Auditor exposes client information
Lost laptop contained sensitive client information
Firms have been reminded of the need to protect data on mobile devices and
elsewhere after an auditor from Ernst & Young lost a laptop containing
highly sensitive client information.
The names, addresses and credit card details of almost a quarter of a million
Hotels.com customers were on the laptop stolen from a locked car in the US,
according to reports.
In a letter sent to its customers Hotels.com said, ‘The computer contained
certain information about customer transactions with Hotels.com and other sites.
This information may have included your name, address and some credit or debit
card information you provided at that time.’
Such losses are embarrassing, but also have wider implications. Legal experts
said firms have a legal responsibility to ensure the security of their clients’
and customers’ data.
‘In the UK there is a general obligation within the Data Protection Act that a
business must apply technical and organisational measures to guard against
security breaches,’ said Struan Robertson of law firm Pinsent Masons.
Robertson said that firms should encrypt data, and use more sophisticated
safeguards than a simple password. He also advised that staff should never take
laptops off company premises if they contain sensitive data of the sort lost by
Ernst & Young.