Repair Management Services has promised the Information Commissioner's Office (ICO) that it will improve its data security after it had a laptop stolen.

The Blackburn-based trade association, which represents car repair companies, lost a laptop that contained the personal details of 36,800 people and information on around 1,900 driving convictions. It was left in a parked car that was broken into and the laptop, which was protected by a password but not encryption, was stolen.

Repair Management Services has promised the ICO that it will improve its data security and that it will encrypt laptops or any other machines that carry personal data no later than next March.

The trade body has made a written undertaking to the ICO, committing it to encrypting machines and to training staff in its information policies and procedures to try to ensure that such an incident is not repeated.

Due to this, the ICO has decided not to serve an enforcement notice on it under the Data Protection Act in relation to a breach of the Act.

Sally-Anne Poole, head of enforcement and investigations at the ICO, said: “Personal information is valuable. In this case, it also involved the details of criminal convictions, which if accessed, could potentially result in distress being caused to the individuals concerned.

“I welcome the steps being taken by Repair Management Services and urge all organisations to implement the appropriate safeguards and training to prevent personal information falling into the wrong hands.”

Jamie Cowper, director of marketing EMEA at PGP, said: “Although it is reassuring to see that Repair Management Services will be deploying encryption across all of its mobile devices carrying sensitive information, it is worrying that we are still seeing companies failing to take steps to adequately protect their customers' data despite numerous heavily publicised data breaches.


“As a trade organisation, Repair Management Services is a trusted body and this breach indicates a failure to fulfil even the most basic data protection responsibilities. Any organisation that holds such sensitive information has a duty to those that it represents to defend this data – and Repair Management Services has now been left with the undesirable task of justifying how an unencrypted laptop was left vulnerable to theft in a car. It's all very well to make promises to up the ante on data security by next year, but the fact remains that this should have been put in place a long time ago – it's not like there haven't been any previous warnings.”