Loss of sensitive personal data.
A few records.
A laptop storing a number of details relating to patients who had received mental healthcare within the trust, together with a number of staff records, was lost.
Undertaking issued to ensure that all portable media devices used to store or transmit personal data are suitably encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage, use, retention, or disposal of personal data.
Reason for action
The laptop was stored stored in an unlocked filling cabinet in a secure, but not alarmed, office. At the time the majority of data stored on the laptop was out of data and had no business need to be retained.
9 April 2010