Stolen or lost device
It is common for employees to have a laptop and/or mobile devices for their work. Especially people who are often on the road because of their job, or who work from home, for example. Laptops and mobile devices can be lost or stolen, and with it the information on them. For an organisation, unauthorised disclosure of sensitive information can have major (and sometimes financial) consequences.
Checklist actions after theft or loss of a device
Your business laptop, smartphone, tablet, or other mobile device has been stolen or lost. What should you do now? In any case, think about the following things.
Report it
Report the lost device to your employer.
Block lost or stolen devices
In the case of smartphones and mobile devices, have the SIM card blocked by the supplier to prevent misuse or high costs.
File a report
In the event of theft, report it to the police.
Make an inventory of protective measures
Determine what protective measures were installed on the stolen or lost device.
Inventory privacy-sensitive information
Try to find out what (and whether privacy-sensitive) information was stored on the device.
Report data breaches
If privacy-sensitive data is stored unencrypted on the missing laptop, you must report this to the Dutch Data Protection Authority (Dutch DPA, Autoriteit Persoonsgegevens) within 72 hours. You must also notify the persons involved of any theft, loss, or abuse of personal data for which you are responsible. The General Data Protection Regulation (GDPR) demands that businesses register and file all data leaks. If you fail to notify any data breach in time, the DPA may impose a fine. Read more about the GDPR.
Change passwords
List the usernames used on the device and block or change the passwords of these usernames.
Report it to the supplier
Report the theft to the device supplier or the company that provides service and maintenance for the device. Sometimes it happens that stolen equipment is presented to the supplier for repair or maintenance and can be traced.