Chelsea & Westminster Hospital

What
Loss of sensitive personal data.

How much
143 records.

Why
An unencrypted memory stick containing patient information was stolen from an unattended and unlocked office being used for a walk in clinic.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.

Reason for action
The disc was not encrypted and in fact was not even password protected The employee was not aware that secure network drive and encryption facilities were available and had used a personal memory stick since Trust equipment was not available.

When
2 June 2009

Links
View PDF of the Chelsea & Westminster Hospital Undertaking (Breach Watch Archive)

FCA/FSA (7)	£ 7,777,000
ICO DPA (55)	£ 5,573,500