By Eduardo Ustaran
UPS, the parcel service and global transportation and logistics business, has taken remedial action, including the encryption of all its UK laptops and smartphone devices, following a breach of the Data Protection Act. UPS also signed an Undertaking to assure the Information Commissioner’s Office that personal information will be kept securely in future.
An unencrypted, password-protected laptop was stolen from a UPS employee while on business abroad in October 2008. The laptop, which was not recovered, contained the payroll data of approximately 9,150 UK-based UPS employees. The information included personal details, such as the employees’ names, addresses, dates of birth, National Insurance numbers, and salary and bank details. In order to comply with the applicable security requirements post-breach, UPS notified all UK employees about the theft and adopted precautionary measures.