Loss of sensitive personal data.
An encrypted memory stick containing data relating to medical treatment was lost by a member of staff.
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of personal data being processed and that mobile media devices must be encrypted to a suitable standard. All staff must receive adequate data protection training.
Reason for action
The data controller did not ensure sufficient security measures were in place to prevent the loss of the data in question. The memory stick had a “Post it” sticker adhered to it containing the applicable password for the use of the stick.
8 April 2009