Brent Teaching Primary Care Trust

What
Loss of sensitive personal data.

How much
70 records.

Why
Two unencrypted laptops containing sensitive personal data relating to 389 patients were stolen from a locked office.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of equipment used to process personal data. All such mobile devices must be encrypted, Staff must be adequately trained on the data controller’s information security policies.

Reason for action
The laptops were unencrypted and although the office was locked they were left out on a desk with no further physical security measures taken, contrary to the Trust’s own security policy.

When
19 January 2009

Links
View PDF of the Brent Teaching Primary Care Trust Undertaking (Breach Watch Archive)