The laptop contained employees' salaries, dates of birth,
addresses and national insurance numbers as well as their telephone
numbers.
The computer was in the care of a printing company which was to
write to the employees on the machine regarding their pensions. It
was then stolen in a theft that was described as opportunistic
rather than planned.
Marks and Spencer has said that if the data falls into the hands
of people adept at committing identity fraud, then they are at risk
of being impersonated. It told the BBC that it is offering the
employees free credit checks.
The theft took place on 18th April and the company wrote to
staff two days later. It did not tell them the full extent of the
information on the computer unless staff made further enquiries or
attended internal meetings.
Marks and Spencer said that it believed that no ID theft had
taken place as a result of the security breach.
In response to the theft the National Consumer Council said that
it would campaign for legislation either in the UK or the EU that
would demand that companies act more quickly to protect employees
and customers against ID theft.
In some US states there are laws which demand that a company
disclose publicly each data security breach that it suffers. There
is no such law in the UK and the Information Commissioner, who
oversees the implementation of privacy legislation in the UK, has
stopped short of calling for the introduction of one.
