UPS Promises Security Overhaul In Wake Of Pay Data Lapse

Delivery firm UPS has promised privacy watchdog the Information Commissioner's Office (ICO) that it will encrypt laptops and smartphones in the UK and Europe following the loss of a laptop containing unencrypted pay information on 9,150 employees.

The parcel firm has signed a formal undertaking in a settlement with the ICO that commits it to an improved information security regime. In return the ICO has agreed not to take enforcement action against the firm under the Data Protection Act.

A laptop was lost by a UPS employee abroad and was never recovered. It contained payroll data on 9,150 UPS employees. The computer included information on workers' banks, pay, national insurance numbers, addresses and dates of birth.

The laptop was lost in 2008 and the ICO said that all affected employees have been told and measures to protect them taken.

The ICO said that companies should take better routine care of customers' and employees' personal data.

"Password protected laptops are not secure," said ICO assistant commissioner Mick Gorrill. "I urge all organisations to restrict the amount of personal information that is taken off secure sites."

"I am pleased that UPS has encrypted its laptops and smartphones, and I urge other organisations to follow suit," he said.