Staff at a Kent insurance firm have been insufficiently trained in data security, an Information Security Office (ICO) investigation has shown.

The Jubilee Managing Agency has come under scrutiny from the regulator after it lost the personal data of 2,100 individual UK policyholders.

A subsequent investigation revealed that appropriate data back-up procedures had been taken to protect the details, which were lost on a mislaid unencrypted disk.

The investigation also revealed a general lack of detailed data security procedures and insufficient staff training.

Sally-anne Poole, head of enforcement and investigations at the ICO, explained that businesses need to ensure appropriate safeguards are in place to protect personal information.

She said: "Organisations should only retain personal information for as long as necessary.

"It is a matter of some concern to us that expired policies, including financial details, were still available and stored on unencrypted devices."

The incident comes after Manchester City Council were required by the ICO to sign formal undertakings to ensure mobile devices including laptops were encrypted to protect against data security threats.

In a recent survey of SMEs for Connect, the two most important benefits of outsourcing were guaranteed response times and allowing in-house IT staff to concentrate on more strategic issues.