Lost or stolen device with municipal access
Laptop, phone, or tablet with municipal data goes missing.
The scenario
A council member's tablet, a staff laptop, or a department iPhone is lost or stolen. It may contain email, documents, or access to municipal systems.
Who this is for: IT lead, the device's user, CAO.
First steps
- 1. Remotely wipe the device immediatelyFirst hour
MDM (Intune, Jamf, Google Endpoint Management) supports this. If no MDM, change the user's password and revoke active sessions in M365 / Workspace — this invalidates email and document access.
- 2. Revoke MFA tokens registered to the deviceFirst hour
Authenticator apps on the lost device need to be invalidated and re-enrolled on a replacement.
- 3. File a police report if stolenFirst day
Required by insurance and useful if the device surfaces later.
- 4. Confirm what data was on the deviceFirst day
Email cache, downloaded documents, cached SharePoint/Drive content, locally-saved files. This determines whether breach notification is triggered.
Continuity of service
- Issue a replacement device within 48 hours so the affected role can resume work; don't let the loss compound into a service outage.
Communication
Brief notice that a device was lost and remediated; details only if data exposure is confirmed.
Regulator hand-off
- Only if confirmed unencrypted data with PII was on the device — then standard breach-notification rules apply.
FAQ
Usually not, if the device was encrypted (FileVault, BitLocker, iOS/Android default encryption) and the wipe was completed before the device was unlocked. Document the encryption state and wipe timestamp.