Marks and Spencers has been told it must encrypt all company laptops containing personal information by April 2008.

In May 2007 the knicker-seller admitted it had lost records relating to 26,000 staff when a laptop was nicked (http://www.theregister.co.uk/2007/05/09/printing_security_flap/) from a contractor's house. The laptop contained information on members of the company pension scheme.

M&S wrote to all staff whose information had been compromised offering free credit checks.

The Information Commissioner's Office reckons that the type of information on the laptop means it should have been protected with encryption.

The ICO has issued M&S with an Enforcement Notice - the company must ensure laptops containing sensitive information are encrypted by April, or face further action from the ICO.

The ICO wants the power to carry out spot checks on private companies and government departments when it suspects data protection is not being carried out properly. ®

Related stories

Consumers warned on data loss compensation packs (12 February 2008)
http://www.theregister.co.uk/2008/02/12/data_loss_compensation_warning/
MoD laptop losses expose government data indifference (22 January 2008)
http://www.theregister.co.uk/2008/01/22/mod_laptop_lack_policy/
MPs call for stronger data protection laws (3 January 2008)
http://www.theregister.co.uk/2008/01/03/mps_call_for_stronger_information_law/
Info chief prescribes shock therapy for health dept (20 December 2007)
http://www.theregister.co.uk/2007/12/20/ico_doh/
ICO warns of more 'datagate' breaches (5 December 2007)
http://www.theregister.co.uk/2007/12/05/ico_hmrc_not_alone/
Information Commissioner calls for more money and more powers (5 December 2007)
http://www.theregister.co.uk/2007/12/05/information_commissioner_evidence/
M&S in ID theft flap over stolen laptop (9 May 2007)
http://www.theregister.co.uk/2007/05/09/printing_security_flap/