Monthly Archives: October 2011

Newcastle Youth Offending Team

Posted on by

What

Loss of sensitive personal data.

How much

100 records.

Why

Theft of an unencrypted laptop from a home address of an employee of a hired data processor.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all data processors contracted on the data controllers behalf comply with the principles of the Act and in particular that all potable media devices are sufficiently encrypted.

Reason for action

The data controller did not have an appropriate contract in place with the data processor which stipulated the need to encrypt devices containing personal data.

When

28 October 2011.

Links

View PDF of the Newcastle Youth Offending Team Undertaking (Via ICO Website)

View PDF of the Newcastle Youth Offending Team Undertaking (Breach Watch Archive)

University Hospitals Coventry & Warwickshire NHS Trust

Posted on by

What

Loss of sensitive personal data on two occasions.

How much

One record and 18 records.

Why

A patient’s medical record was allegedly found in a waste bin outside Coventry’s University Hospital by a member of the public. Two months previously the records of 18 patients were found in a public waste bin in a residential apartment block.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that policies relating to the storage, use, disposure and removal from the premises of personal information are made clear to staff and that compliance is monitored.

Reason for action

The short time between the two incidents suggested that insufficient measures were being taken to safeguard personal data.

When

27 October 2011.

Links

View PDF of the University Hospitals Coventry & Warwickshire NHS Trust Undertaking (Via ICO Website)

View PDF of the University Hospitals Coventry & Warwickshire NHS Trust Undertaking (Breach Watch Archive)

Spectrum Housing Group

Posted on by

What

Personal data relating to employees accidently sent to an outside recipient.

How much

200 records.

Why

Records accidently sent to an outside recipient due to the data controllers’ e-mail system automatically predicting the intended recipient based on previous sent messages.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that personal data will only be sent by email when necessary. Data should be made secure and staff should be made aware of company policies.

Reason for action

Insufficient measures were taken to prevent an accidental loss of unsecured personal information.

When

19 October 2011.

Links

View PDF of the Spectrum Housing Group Undertaking (Via ICO Website)

View PDF of the Spectrum Housing Group Undertaking (Breach Watch Archive)

Dumfries and Galloway Council

Posted on by

What

Accidental online disclosure of staff’s personal information.

How much

887 records.

Why

Records were accidently published online in response to a Freedom of Information (Scotland) Act request.

Regulator

ICO

Regulatory action

Undertaking issued to undergo an externally commissioned audit and to put it place checks to prevent another such occurrence.

Reason for action

Insufficient measures were taken to prevent an accidental loss of unsecured personal information.

When

17 October 2011.

Links

View PDF of the Dumfries and Galloway Council Undertaking (Via ICO Website)

View PDF of the Dumfries and Galloway Council Undertaking (Breach Watch Archive)

Association of School and College Leaders

Posted on by

What

Loss of sensitive personal data.

How much

100 records.

Why

Theft of unencrypted laptop from staff member’s home.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all portable media devices are encrypted.

Reason for action

Although encryption software was provided, whether or not to use it was left to the discretion of staff members.

When

05 October 2011.

Links

View PDF of the Association of School and College Leaders Undertaking (Via ICO Website)

View PDF of the Association of School and College Leaders Undertaking (Breach Watch Archive)

Holly Park School

Posted on by

What

Loss of sensitive personal data.

How much

Nine records.

Why

Theft of an unencrypted laptop from school premises.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all portable media devices are encrypted and are kept physically secure.

Reason for action

Although the laptop was kept in a locked filling cabinet the office it was housed in was not locked.

When

05 October 2011.

Links

View PDF of the Holly Park School Undertaking (Via ICO Website)

View PDF of the Holly Park School Undertaking (Breach Watch Archive)

Dartford and Gravesham NHS Trust

Posted on by

What

Accidental destruction of achieved records containing sensitive personal data.

How much

10,000 records.

Why

Records accidently placed in a disposal room.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that data is physically secure against destruction.

Reason for action

Due to a lack of space in achieves, records were placed in a disposal room and accidently disposed of.

When

04 October 2011.

Links

View PDF of the Dartford and Gravesham NHS Trust Undertaking (Via ICO Undertaking)

View PDF of the Dartford and Gravesham NHS Trust Undertaking (Breach Watch Archive)

Poole Hospital NHS Trust

Posted on by

What

Loss of sensitive personal data.

How much

240 records.

Why

Theft of two diaries stolen from a nurses’ car.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that data is kept physically secure both at home and in the work place and that personal data is kept to the minimum required and anonymised where possible.

Reason for action

The diaries contained information the nurse might need off hours, but were kept, unsecured, in her car outside her home.

When

04 October 2011.

Links

View PDF of the Poole Hospital NHS Trust Undertaking (Via ICO Website)

View PDF of the Poole Hospital NHS Trust Undertaking (Breach Watch Archive)