What
Loss of sensitive personal data.
How much
741 records.
Why
An unencrypted memory stick containing the personal data of patients was left unattended in a car and found by a car wash attended to was able to access the device and establish its ownership.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of personal data being processed by the Trust. Mobile media devices must be encrypted to a suitable standard. All staff must receive adequate data protection training.
Reason for action
The data controller did not ensure sufficient security measures were in place to prevent the unauthorised transfer of data onto a non-trust owned, unencrypted memory stick.
When
03 April 2009