2gether NHS Foundation Trust

What
Loss of sensitive personal data.

How much
56 records.

Why
Four desktop computers, one laptop and a memory stick containing sensitive personal data relating to patients were stolen from a locked room in the Trust’s building.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of equipment used to process physical data. Mobile media devices must be encrypted to a suitable standard and a clear policy covering the storage and use of personal data is implemented All staff must receive adequate data protection training.

Reason for action
The laptop and memory stick were not encrypted, or locked away out of site, contrary to Trust policy.

When
24 March 2009

Links
View PDF of the 2gether NHS Foundation Trust Undertaking (Breach Watch Archive)

FCA/FSA (7)	£ 7,777,000
ICO DPA (55)	£ 5,573,500