Lost or stolen employees data storage devices: FOI release

Information requested

1.  How many employee devices that can store data (such as devices including smartphones, laptops, PDAs, external storage devices [hard drives, memory cards, CDs and DVDs] and tablets) were lost or stolen between 1 June 2018 and 1 June 2019

     a.  Of these devices, if available, how many were lost and how many were stolen
     b.  Of these devices, if available, how many were recovered after they were lost or stolen
2.  Where were devices lost or stolen?
     a.  At work
     b.  At home
     c.  During the commute between home and work
     d.  During business travel – e.g. to another region or country
     e.  Other – e.g. out-of-work activity
3.  Of the devices that were lost or stolen, how many were
     a.  Encrypted (i.e. the data was protected by either manufacturer provided encryption or third-party encryption)
     b.  Not encrypted
4.  Following the loss or theft of a device, how many employees were: disciplined, sent on training course, reminded of security practices.
5.  When was your last audit by the Information Commissioner’s Office

Response

Q1 - 4.  There were no reported lost or stolen devices between 1 June 2018 – 1 June 2019.
Q5.  SPPA has not been audited by the Information Commissioner’s Office.
Organisations can request a voluntary audit or can be audited by the ICO following a breach where an advisory audit is undertaken to help improve data protection practices. Further information on ICO audits can be found on the Information Commissioner’s website.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.