The North West London Hospitals NHS Trust

What
Loss of sensitive personal data.

How much
About 361 records.

Why
Two laptop computers were stolen and in a separate incident, a desktop computer was stolen. In both cases these devices held the personal data of patients.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of personal data being processed. All storage devices must be sufficiently encrypted. All staff must receive adequate training in order to fulfil their obligations under such policies.

Reason for action
In both cases the machines were password protected but not encrypted. In the second incident a swipe card security system that controlled entry to the building has been disabled for maintenance.

When
19 March 2009

Links
View PDF of the North West London Hospitals NHS Trust Undertaking (Breach Watch Archive)

FCA/FSA (7)	£ 7,777,000
ICO DPA (55)	£ 5,573,500