Insecure storage of sensitive personal data.
“A large number”
A reporter discovered the insecure storage of hospitals records relating to medical tests and treatment.
Undertaking issued to ensure that appropriate security measures are in place to restrict access to areas where personal data is stored. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.
Reason for action
The data controller did not ensure sufficient security measures were in place to prevent the possibility of unauthorised access to the data over the course of two years.
11 June 2009