Loss of sensitive personal data.
6 unencrypted laptops containing the personal data of a number of patients were stolen from a locked office.
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of personal data. Mobile media devices must be encrypted to a suitable standard. Adequate checks must be carried out on contractor’s staff. All staff must receive adequate data protection training.
Reason for action
Due to network connection problems patient data had been stored on laptop C drives contrary to Trust policy and was not encrypted.
27 March 2009