NRM bosses blasted after theft of laptop containing personal details (From York Press)

NRM bosses blasted after theft of laptop containing personal details

1:30pm Monday 1st December 2008 in News By Mark Stead, mark.stead@thepress.co.uk

NRM bosses blasted after theft of laptop containing personal details

UNIONS are calling for an urgent investigation after a laptop containing the bank details of workers at one of York’s top tourist attractions was stolen from a car.

The computer – which also held personal and pension data relating to hundreds of staff employed by the National Museum of Science and Industry (NMSI), whose sites include York’s National Railway Museum (NRM) – was taken from a vehicle belonging to a private contractor working for the company.

The Prospect union, which represents some of the Leeman Road site’s employees, claims those affected were originally assured by bosses that no financial information was at risk – only to be told differently four weeks later.

It comes as a pay dispute, which has already seen NRM staff stage a one-day strike this year, rumbles on, with more walkouts or even legal challenges being threatened if a deal cannot be thrashed out.

Prospect negotiator Andy Bye said NMSI’s management were told about the laptop theft on October 27 and that about 90 per cent of NMSI’s 780 staff were affected.

“The true extent of the personal information contained on the laptop only came to light four weeks later following the persistence of a member who made repeated requests for copies of the lost data,” he said.

“While we appreciate removing the laptop from the contractor’s offices was outside the company’s data security arrangements, staff have questions which need to be answered regarding whether their data was originally transferred to the contractor in a secure manner, why it took so long for them to be informed and why the initial information was incorrect.

“This could not have come at a worse time, as tensions between staff and management over the pay deal are running high.”

Prospect has asked the Information Commissioner to assess whether the handling of the issue breached the Data Protection Act, and wants NMSI to reimburse workers who forked out for credit checks following the theft.

An NMSI spokesman, who confirmed staff at all its sites were affected, said: “Transferring the laptop with personal data was a contravention of the supplier’s data security rules and steps have been taken with both the supplier and the individual concerned to ensure this will not happen again.

“The information would require a high level of software expertise to uncover. NMSI has advised the Information Commissioner, written to our staff to inform them of the loss, urged them to be vigilant and provided them with advice regarding how they can protect themselves against fraud, and instigated a full review of our information risk management.

“On reporting the loss, our supplier did not believe bank account details were involved and informed us so. This new information has only just come to light and we then informed staff immediately.”