Lost or stolen employees data storage devices: FOI release

Information request and response under the Freedom of Information (Scotland) Act 2002


Information requested

1.  How many employee devices that can store data (such as devices including smartphones, laptops, PDAs, external storage devices [hard drives, memory cards, CDs and DVDs] and tablets) were lost or stolen between 1st June 2018 and 1st June 2019
a)  Of these devices, if available, how many were lost and how many were stolen
b)  Of these devices, if available, how many were recovered after they were lost or stolen

2.  Where were devices lost or stolen?
a)  At work
b)  At home
c)  During the commute between home and work
d)  During business travel – e.g. to another region or country
e)  Other – g. out-of-work activity

3.  Of the devices that were lost or stolen, how many were
a)  Encrypted (i.e. the data was protected by either manufacturer provided encryption or third-party encryption)
b)  Not encrypted

4)  Following the loss or theft of a device, how many employees were: disciplined, sent on training course, reminded of security practices.

5)  When was your last audit by the Information Commissioners Office

Response

Questions 1 and 2
The tables below provide a breakdown of some of the information you request regarding devices which have been lost or misplaced. This is shown for Scottish Government staff.

Item

Lost

Misplaced

Where

2018/19

 

 

 

Laptop

1

1

Train

Tablet

0

0

 

Mobile Phones

3

1

 

 

 

 

 

2019 to present

 

 

 

Laptop

0

1

Home

Tablet

0

0

 

Mobile Phones

0

0

 

 

 

 

 

Q3 - Of the devices that were lost or stolen, how many were encrypted.
Scottish Government laptop and tablet devices are password protected for each individual user and hard-disk drives are protected by encryption software. Mobile devices are encrypted and are remotely wiped if reported as being missing or stolen. These devices are also protected by a complex password which also results in the device being wiped after a number of unsuccessful attempts to access a device.
Q4 - Following the loss or theft of a device, how many employees were: disciplined, sent on training course, reminded of security practices.
Scottish Government employees are reminded of the relevant security guidance following the reported loss or theft of a device. 
Q5  When was your last audit by the Information Commissioners Office
The Scottish Government’s last audit by the Information Commissioners Office was a voluntary audit in 2012.


About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact

Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrews House
Regent Road
Edinburgh
EH1 3DG

Back to top