Imperial College Healthcare NHS Trust

Loss of sensitive personal data.

How much
6,000 records.

Six laptops were stolen from a secure area within the hospital on two separate occasions. In a separate incident a small number of paper records were lost.


Regulatory action
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. Measures must be taken to ensure the physical security of all such devices containing personal information. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.

Reason for action
One of laptops was unencrypted despite containing sensitive personal data.

29 July 2009

View PDF of the Imperial College Healthcare NHS Trust Undertaking (Breach Watch Archive)