FOI/19/02140 · FOI · unclear

Lost or stolen employees data storage devices: FOI release

Published: 2019-10-29
Received: 2019-09-12
Responded: 2019-10-09
Directorate: Chief Medical Officer Directorate
Topic: Public sector
Exemptions: 5

Information requested

1. How many employee devices that can store data (such as devices including smartphones, laptops, PDAs, external storage devices [hard drives, memory cards, CDs and DVDs] and tablets) were lost or stolen between 1st June 2018 and 1st June 2019 a) Of these devices, if available, how many were lost and how many were stolen b) Of these devices, if available, how many were recovered after they were lost or stolen

2. Where were devices lost or stolen? a) At work b) At home c) During the commute between home and work d) During business travel – e.g. to another region or country e) Other – g. out-of-work activity

3. Of the devices that were lost or stolen, how many were a) Encrypted (i.e. the data was protected by either manufacturer provided encryption or third-party encryption) b) Not encrypted

4) Following the loss or theft of a device, how many employees were: disciplined, sent on training course, reminded of security practices.

5) When was your last audit by the Information Commissioners Office

Response

Questions 1 and 2 The tables below provide a breakdown of some of the information you request regarding devices which have been lost or misplaced. This is shown for Scottish Government staff.

Item Lost Misplaced Where 2018/19 Laptop 1 1 Train Tablet 0 0 Mobile Phones 3 1 2019 to present Laptop 0 1 Home Tablet 0 0 Mobile Phones 0 0

Q3 - Of the devices that were lost or stolen, how many were encrypted. Scottish Government laptop and tablet devices are password protected for each individual user and hard-disk drives are protected by encryption software. Mobile devices are encrypted and are remotely wiped if reported as being missing or stolen. These devices are also protected by a complex password which also results in the device being wiped after a number of unsuccessful attempts to access a device. Q4 - Following the loss or theft of a device, how many employees were: disciplined, sent on training course, reminded of security practices. Scottish Government employees are reminded of the relevant security guidance following the reported loss or theft of a device. Q5 When was your last audit by the Information Commissioners Office The Scottish Government’s last audit by the Information Commissioners Office was a voluntary audit in 2012.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact Please quote the FOI reference Central Enquiry Unit Email: ceu@gov.scot Phone: 0300 244 4000 The Scottish Government St Andrews House Regent Road Edinburgh EH1 3DG

Attachments

No attachments found.

Similar releases

Correspondence discussing the response to FOI request 202600503390: FOI release 2026-05-15 · partially withheld · 2 files
Perth and Kinross broadband queries: FOI release 2026-05-14 · not held · 0 files
Crown Office and Procurator Fiscal Service funding query: FOI release 2026-05-14 · unclear · 0 files
Scottish Government documentation regarding the procurement of Oracle: FOI release 2026-05-14 · not held · 0 files
Brand Scotland marketing spend information: FOI release 2026-05-13 · unclear · 0 files
Number of Freedom of Information requests which have proceeded to a review: FOI release 2026-05-13 · unclear · 0 files
Sensitive and routine Freedom of Information request statistics: FOI release 2026-05-12 · unclear · 0 files
Correspondence regarding Information Commissioner decision notices: FOI release 2026-05-12 · partially withheld · 2 files