Stolen or lost device
It is common for employees to have a laptop and/or mobile devices for their work. Especially people who are often on the road because of their job, or who work from home, for example. Laptops and mobile devices can be lost or stolen, and with it the information on them. For an organisation, unauthorised disclosure of sensitive information can have major (and sometimes financial) consequences.
Checklist actions after theft or loss of a device
Your business laptop, smartphone, tablet, or other mobile device has been stolen or lost. What should you do now? In any case, think about the following things.
Report the lost device to your employer.
In the case of smartphones and mobile devices, have the SIM card blocked by the supplier to prevent misuse or high costs.
In the event of theft, report it to the police.
Determine what protective measures were installed on the stolen or lost device.
Try to find out what (and whether privacy-sensitive) information was stored on the device.
If privacy-sensitive data is stored unencrypted on the missing laptop, it is a data breach. You must report this to the Dutch Data Protection Authority (Dutch DPA, Autoriteit Persoonsgegevens) within 72 hours. You must also notify the persons involved of any theft, loss, or abuse of personal data for which you are responsible. The General Data Protection Regulation (GDPR) demands that businesses register and file all data leaks. If you fail to notify any data breach in time, the DPA may impose a fine. Read more about the GDPR.
If business or customer-sensitive information was also lost, additional steps may need to be taken to deal with this incident.
List the usernames used on the device and block or change the passwords of these usernames.
Report the theft to the device supplier or the company that provides service and maintenance for the device. Sometimes it happens that stolen equipment is presented to the supplier for repair or maintenance and can be traced.