Surrey and Sussex Healthcare NHS Trust

What
Loss of sensitive personal data.

How much
103 records.

Why
A ward hand over sheet was lost and two unencrypted laptops were stolen.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.

Reason for action
The hand over sheet was later located on a bus. The laptops were protected by three locked doors, but the investigation revealed that staff had poor knowledge of the requirement to store data relating to trust business on secure network drives.

When
3 June 2009

Links
View PDF of the Surrey and Sussex Healthcare NHS Trust Undertaking (Breach Watch Archive)