Waseley Hills High School and Sixth Form Centre had stored the details of 984 pupils and 186 staff members on the laptop without any encryption protection. The records included sensitive personal data, the ICO said.
The school itself reported the data breach to the ICO in June of this year. The ICO has agreed not to issue an Enforcement Notice under the Data Protection Act because of the undertaking the school has committed to.
The school has promised to change the security used on portable computing devices that hold personal data, using encryption "where appropriate", and to train staff in data security.
“Storing large volumes of personal information on portable devices is unnecessarily risky," said Mick Gorrill, Assistant Information Commissioner. "If personal details fall into the wrong hands, individuals can experience considerable distress."
"It is vital that personal information is handled securely, especially where so many children and young people are concerned. I am pleased that the school has taken action to guard against security breaches of this nature in future," said Gorrill.
