Loss of sensitive personal data.
About 361 records.
Two laptop computers were stolen and in a separate incident, a desktop computer was stolen. In both cases these devices held the personal data of patients.
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of personal data being processed. All storage devices must be sufficiently encrypted. All staff must receive adequate training in order to fulfil their obligations under such policies.
Reason for action
In both cases the machines were password protected but not encrypted. In the second incident a swipe card security system that controlled entry to the building has been disabled for maintenance.
19 March 2009