It is common for employees to have a laptop and/or mobile devices for their work. Especially people who are often on the road because of their job, or who work from home, for example. Laptops and mobile devices can be lost or stolen, and with it the information on them. For an organisation, unauthorised disclosure of sensitive information can have major (and sometimes financial) consequences.
Checklist actions after theft or loss of a device
Your business laptop, smartphone, tablet, or other mobile device has been stolen or lost. What should you do now? In any case, think about the following things.
Report the lost device to your employer.
Block lost or stolen devices
In the case of smartphones and mobile devices, have the SIM card blocked by the supplier to prevent misuse or high costs.
Determine what protective measures were installed on the stolen or lost device.
Inventory privacy-sensitive information
Try to find out what (and whether privacy-sensitive) information was stored on the device.
Report data breaches
If privacy-sensitive data is stored unencrypted on the missing laptop, you must report this to the Dutch Data Protection Authority (Dutch DPA, Autoriteit Persoonsgegevens) within 72 hours. You must also notify the persons involved of any theft, loss, or abuse of personal data for which you are responsible. The General Data Protection Regulation (GDPR) demands that businesses register and file all data leaks. If you fail to notify any data breach in time, the DPA may impose a fine. Read more about the GDPR.
Report the theft to the device supplier or the company that provides service and maintenance for the device. Sometimes it happens that stolen equipment is presented to the supplier for repair or maintenance and can be traced.