Praxis Care Limited breached the UK Data Protection Act and the Isle of Man Data Protection Acts by failing to secure Personally Identifiable Information (PII).

An unencrypted memory stick was lost on the Isle of Man in August 2011 and contained personal information relating to

  • 107 Isle of Man residents
  • 53 Northern Ireland residents

Some of the information was sensitive and related to individuals’ care and mental health

Praxis Care Limited has informed all affected individuals about the loss and no complaints have yet been received by the regulators.

Christopher Graham, UK Information Commissioner, said:

 “Carrying people’s personal information around on an unencrypted memory stick is clearly unacceptable. The fact that some of the personal details stored on the device were out of date and so surplus to requirements makes this breach all the more concerning.

“The ICO will continue to work closely with other data protection regulators where it is clear that a data breach extends across national boundaries.”

Iain McDonald, Isle of Man Data Protection Supervisor, said:

“Today’s joint action aims to send a clear message to organisations that a lax attitude to data security will not be tolerated by either the ODPS or the ICO. We will continue to work with regulators in other countries to ensure that our residents’ personal information is protected.”