Monthly Archives: August 2009

Ipswitch Hospital NHS Trust

Posted on by

What
Loss of sensitive personal data.

How much
30 records.

Why
A ward handover sheet was found outside the data controller’s premises. This was the second time inside a year that such an incident had been reported to the Commissioner.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all staff are made aware of the data controller’s policy for the storage and use of personal data and be trained to follow it.

Reason for action
Following the incident in 2008 recommendations had been made to minimise the risk of such documents going astray, including instructions to dispose of these in confidential waste and never to remove them from Trust premises, but it was clear that these had not been adhered to by staff.

When
25 August 2009

Links
View PDF of the Ipswich Hospital NHS Trust Undertaking (Breach Watch Archive)

Wigan Council

Posted on by

What
Loss of sensitive personal data.

How much
43,000 records.

Why
An unencrypted laptop was stolen from a locked office.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.

Reason for action
The personal data contained on the unencrypted laptop was downloaded onto it in breach of Council policy.

When
18 August 2009

Links
View PDF of the Wigan Council Limited Undertaking (Breach Watch Archive)

NHS Education for Scotland

Posted on by

What
Loss of sensitive personal data.

How much
6,377 records.

Why
An unencrypted laptop containing the personal data of 6,377 individuals was stolen from a locked office.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.

Reason for action
The laptop was not encrypted as it not intended to taken off NES premises and was therefore not considered a “mobile device” under NES internal policy at the time.

When
14 August 2009

Links
View PDF of the NHS Education for Scotland Undertaking (Breach Watch Archive)

UPS Limited

Posted on by

What
Loss of personal data.

How much
9,150 records.

Why
An unencrypted laptop containg payroll data was stolen from the home of an employee of the data controller

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.

Reason for action
The laptop was unencrypted, although the data controller has begun steps to introduce a policy to address this issue.

When
7 August 2009

Links
View PDF of the UPS Limited Undertaking (Breach Watch Archive)