NRM bosses blasted after theft of laptop containing personal details (From York Press)

NRM bosses blasted after theft of laptop containing personal details

1:30pm Monday 1st December 2008

Print
Email
Share
Comments(5)

UNIONS are calling for an urgent investigation after a laptop containing the bank details of workers at one of York’s top tourist attractions was stolen from a car.

The computer – which also held personal and pension data relating to hundreds of staff employed by the National Museum of Science and Industry (NMSI), whose sites include York’s National Railway Museum (NRM) – was taken from a vehicle belonging to a private contractor working for the company.

The Prospect union, which represents some of the Leeman Road site’s employees, claims those affected were originally assured by bosses that no financial information was at risk – only to be told differently four weeks later.

It comes as a pay dispute, which has already seen NRM staff stage a one-day strike this year, rumbles on, with more walkouts or even legal challenges being threatened if a deal cannot be thrashed out.

Prospect negotiator Andy Bye said NMSI’s management were told about the laptop theft on October 27 and that about 90 per cent of NMSI’s 780 staff were affected.

“The true extent of the personal information contained on the laptop only came to light four weeks later following the persistence of a member who made repeated requests for copies of the lost data,” he said.

“While we appreciate removing the laptop from the contractor’s offices was outside the company’s data security arrangements, staff have questions which need to be answered regarding whether their data was originally transferred to the contractor in a secure manner, why it took so long for them to be informed and why the initial information was incorrect.

“This could not have come at a worse time, as tensions between staff and management over the pay deal are running high.”

Prospect has asked the Information Commissioner to assess whether the handling of the issue breached the Data Protection Act, and wants NMSI to reimburse workers who forked out for credit checks following the theft.

An NMSI spokesman, who confirmed staff at all its sites were affected, said: “Transferring the laptop with personal data was a contravention of the supplier’s data security rules and steps have been taken with both the supplier and the individual concerned to ensure this will not happen again.

“The information would require a high level of software expertise to uncover. NMSI has advised the Information Commissioner, written to our staff to inform them of the loss, urged them to be vigilant and provided them with advice regarding how they can protect themselves against fraud, and instigated a full review of our information risk management.

“On reporting the loss, our supplier did not believe bank account details were involved and informed us so. This new information has only just come to light and we then informed staff immediately.”

Print
Email
Share
Comments(5)

Your Say YourPress

Guy Fawkes, York says...
4:50pm Mon 1 Dec 08

I suspect that more of these thefts are happening because the cost of laptops has fallen so much in the last 2-3 years (and memory sticks are now so cheap they're virtually a disposable item). Some are even given away as part of mobile broadband packages. So people don't regard them as a valuable item to be taken care of as much as they once did, and more of them are getting nicked.

It boils down to lack of basic IT skills, a problem which I suspect starts in school. People need to be taught from when they first start using computers as teenagers that (i) data must be backed up, and in the case of important data on different physical media kept in different locations, and (ii) data which in any way relates to the life or activities of another human being must be kept secure, ideally through the use of encryption but certainly by not doing anything as stupid as leaving a laptop or a USB stick lying around in a car in a public place.