The Information Commissioner’s Office (ICO) has issued two local authorities with monetary penalties for serious breaches of the Data Protection Act after two laptops containing sensitive personal information of around 1,700 individuals were stolen from an employee’s home. Although both laptops were password protected they were unencrypted – despite this being in breach of both councils’ policies. This serves as a reminder to FE and HE institutions to review their practices with regard to the handling of sensitive personal data of learners and others. For example, are there avoidable risks to individual's privacy in the way that information is being processed? Data protection compliance should be designed into systems that are processing personal information from the start. In many cases conducting a Privacy Impact Assessment can be a useful method of gauging the privacy risks to individuals. Further details of the story can be found on the ICO website at - http://www.ico.gov.uk/. The Privacy Impact Assessment (PIA) handbook can be accessed on the ICO website at - http://www.ico.gov.uk/upload/documents/pia_handbook_html_v2/index.html.