It has been a bad week for laptop theft. A laptop containing personal information was stolen from the car of a member of HM Revenue and Customs (HMRC) in the UK.

The stolen computer contained data about high value customers who invested in Individual Savings Accounts as provided to them by banking institutions. HMRC has advised the banking institutions to notify the affected customers.

“The incident has been reported to the police and we are carrying out an urgent internal enquiry. HMRC places the utmost importance on the security of confidential material and we have in place very clear processes governing the handling of such material.”

On a positive note, the laptop was not completely without defenses. The laptop was password protected and encrypted. In data breach news, this is a very rare set of precautions. In addition, HMRC is being up front and honest in taking the blame:

“We obviously deeply regret what’s happened and we are obviously responsible.”

Although the HMRC data is protected by defenses, it is still at risk. Strong security policies would limit the amount of data that can be taken off-site, and laptop recovery & data wipe software would enhance data security.

Unlike our previous example, the HMRC came forward with full disclosure about the breach. Given that the data was well protected, they were not required by law to notify customers. However, taking responsibility for the lost data is being viewed by many as a “refreshing level of ethical responsibility.”

Via IT Week, Silicon.com Tags: hmrc, laptop theft, data breach, encryption, laptop security, it security, business security, government security