Hastings and Rother Primary Care Trust

What
Loss of sensitive personal data.

How much
70 records.

Why
A desktop computer containing health data relating to a number of patients was stolen.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of equipment used to process personal data, whether on the data controller’s premises or those of another organisation. All staff must receive adequate data protection training.

Reason for action
It is believed that the computer was stolen by an opportunistic thief who entered the building via scaffolding that was not normally in place. The data controller did not own this building, but had not taken measures to safeguard the personal data held on the premises.

When
23 January 2009

Links
View PDF of the Hastings and Rother Primary Care Trust Undertaking (Breach Watch Archive)

Brent Teaching Primary Care Trust

What
Loss of sensitive personal data.

How much
70 records.

Why
Two unencrypted laptops containing sensitive personal data relating to 389 patients were stolen from a locked office.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of equipment used to process personal data. All such mobile devices must be encrypted. Staff must be adequately trained on the data controller’s information security policies.

Reason for action
The laptops were unencrypted and, although the office was locked, they were left out on a desk with no further physical security measures taken, contrary to the Trust’s own security policy.

When
19 January 2009

Links
View PDF of the Brent Teaching Primary Care Trust Undertaking (Breach Watch Archive)

Abertawe Bro Morgannwg University NHS Trust

What
Loss of personal data.

How much
5,000 records.

Why
An unencrypted laptop containing sensitive personal data relating to approximately 5,000 patients was stolen from an unlocked office.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that the portable and mobile devices are encrypted to a suitable standard.

Reason for action
The laptop was unencrypted and the office was not locked as it usually would have been.

When
14 January 2009

Links
View PDF of the Abertawe Bro Morgannwg University NHS Trust Undertaking (Breach Watch Archive)

Tees, Esk and Wear Valleys NHS Foundation Trust

What
Loss of personal data.

How much
Unknown.

Why
An unencrypted data stick holding personal data and sensitive personal data relating to health patients and trust staff was found by a member of the public and handed in to the press.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that only data sticks with suitable encryption are used by Trust staff and that an adequate encryption policy and procedures are put in place. All staff must be given appropriate data protection training.

Reason for action
The lost data stick was unencrypted and there was no encryption policy in place.

When
2 January 2009

Links
View PDF of the Tees, Esk and Wear Valleys NHS Foundation Trust Undertaking (Breach Watch Archive)