The Information Commisioner's Office (ICO) has found two London housing bodies in breach of the Data Protection Act after a contractor left the personal data of thousands of tenants on an unencrypted memory stick in a pub.
Details of more than 20,000 tenants of Lewisham Homes and 6,200 tenants of Wandle Housing Association, were on the USB key, while nearly 800 of the records from Lewisham Homes contained tenants' bank account details.
The contractor, who was working for Lewisham Homes and had previously worked for Wandle Housing Association, had copied the information from the networks of both organisations.
The memory stick was handed in to the police and the ICO believed that the data was not misused.
"Saving personal information onto an unencrypted memory stick is as risky as taking hard copy papers out of the office. Luckily the device was handed in and there is no suggestion that the data was misused. But this incident could so easily have been avoided if the information had been properly protected," said Sally-Anne Poole, acting head of enforcement at the ICO.
Both housing bodies have agreed to ensure that all portable devices used to store personal data are encrypted, with all staff to follow existing policies on the handling of personal information. All staff, including contractors, will also be monitored to make sure they are handling personal information securely.