Marks & Spencer has been found in breach of data protection rules after a laptop containing the information of 26,000 employees was stolen from a contractor’s home.


The Information Commissioner’s Office (ICO) said that the data on the stolen laptop was not encrypted and has ordered the retailer to ensure all hard drives on laptops that it uses are encrypted fully by April 2008.

ICO assistant commissioner Mick Gorrill said: “It is essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information.”

There have not been any reported problems from M&S staff following the incident last April. The information on the stolen laptop included employees’ pension arrangements.

An M&S spokeswoman said that the ruling was unexpected and that it was already taking measures with the regulator to solve the issue.