Central Essex Community Services

What

Loss of sensitive personal data.

How much

249 records.

Why

Loss of a birth book from a locked storage room.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that sufficient physical security measures are in place for the storage of paper medical records and that compliance with these measures is monitored.

Reason for action

The birth book was supposed to be locked in a filing cabinet in accordance with the data controller’s policy, but it was stored on top of the cabinet due to a lack of storage space.

When

21 November 2011.

Links

View PDF of the Central Essex Community Services Undertaking (Via ICO Website)

View PDF of the Central Essex Community Services Undertaking (Breach Watch Archive)

Ruth Crawford QC

What

Loss of sensitive personal data.

How much

Unknown.

Why

Theft of an unencrypted laptop from the Data Controller’s home.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that personal media devices used to store data are sufficiently encrypted.

Reason for action

Although it was concluded that the laptop was suitably secure physically, insufficient technical security measures were taken.

When

16 November 2011.

Links

View PDF of the Ruth Crawford QC Undertaking (Via ICO Website)

View PDF of the Ruth Crawford QC Undertaking (Breach Watch Archive)

Phoenix Nursery School

What

Loss of sensitive personal data.

How much

Unknown.

Why

A backup tape and supporting device containing details of pupils, parents and guardians was lost.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that in the future all personal data is encrypted to a sufficient standard and that current operational procedures are reviewed and revised.

Reason for action

While the backup tape did not appear to have been stolen, it could not be located. The data controller contacted all parents and guardians affected by the incident to advise them accordingly. However, although the data on the device was recovered in full, the Commissioner’s investigation revealed that the technical measures employed by the school were inadequate.

When

16 November 2011.

Links

View PDF of the Phoenix Nursery School Undertaking (Via ICO Website)

View PDF of the Phoenix Nursery School Undertaking (Breach Watch Archive)

Oliver Letwin, MP

What

Loss of sensitive personal data.

How much

“Numerous”

Why

The data controller was disposing of documents in public waste bins in St James’ Park.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that any documents containing personal data are disposed of in a secure manner, such as shredding, pulping or incineration.

Reason for action

Some of the documents disposed of in the public waste bins included personal information such as names and addresses.

When

15 November 2011.

Links

View PDF of the Oliver Letwin MP Undertaking (Via ICO Website)

View PDF of the Oliver Letwin MP Undertaking (Breach Watch Archive)

Newcastle Youth Offending Team

What

Loss of sensitive personal data.

How much

100 records.

Why

Theft of an unencrypted laptop from a home address of an employee of a hired data processor.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all data processors contracted on the data controller’s behalf comply with the principles of the Act and in particular that all portable media devices are sufficiently encrypted.

Reason for action

The data controller did not have an appropriate contract in place with the data processor which stipulated the need to encrypt devices containing personal data.

When

28 October 2011.

Links

View PDF of the Newcastle Youth Offending Team Undertaking (Via ICO Website)

View PDF of the Newcastle Youth Offending Team Undertaking (Breach Watch Archive)

University Hospitals Coventry & Warwickshire NHS Trust

What

Loss of sensitive personal data on two occasions.

How much

One record and 18 records.

Why

A patient’s medical record was allegedly found in a waste bin outside Coventry’s University Hospital by a member of the public. Two months previously the records of 18 patients were found in a public waste bin in a residential apartment block.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that policies relating to the storage, use, disposal and removal from the premises of personal information are made clear to staff and that compliance is monitored.

Reason for action

The short time between the two incidents suggested that insufficient measures were being taken to safeguard personal data.

When

27 October 2011.

Links

View PDF of the University Hospitals Coventry & Warwickshire NHS Trust Undertaking (Via ICO Website)

View PDF of the University Hospitals Coventry & Warwickshire NHS Trust Undertaking (Breach Watch Archive)

Association of School and College Leaders

What

Loss of sensitive personal data.

How much

100 records.

Why

Theft of an unencrypted laptop from a staff member’s home.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all portable media devices are encrypted.

Reason for action

Although encryption software was provided, whether or not to use it was left to the discretion of staff members.

When

05 October 2011.

Links

View PDF of the Association of School and College Leaders Undertaking (Via ICO Website)

View PDF of the Association of School and College Leaders Undertaking (Breach Watch Archive)

Holly Park School

What

Loss of sensitive personal data.

How much

Nine records.

Why

Theft of an unencrypted laptop from school premises.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all portable media devices are encrypted and are kept physically secure.

Reason for action

Although the laptop was kept in a locked filing cabinet, the office it was housed in was not locked.

When

05 October 2011.

Links

View PDF of the Holly Park School Undertaking (Via ICO Website)

View PDF of the Holly Park School Undertaking (Breach Watch Archive)

Dartford and Gravesham NHS Trust

What

Accidental destruction of archived records containing sensitive personal data.

How much

10,000 records.

Why

Records accidentally placed in a disposal room.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that data is physically secure against destruction.

Reason for action

Due to a lack of space in the archives, records were placed in a disposal room and accidentally disposed of.

When

04 October 2011.

Links

View PDF of the Dartford and Gravesham NHS Trust Undertaking (Via ICO Website)

View PDF of the Dartford and Gravesham NHS Trust Undertaking (Breach Watch Archive)

Poole Hospital NHS Trust

What

Loss of sensitive personal data.

How much

240 records.

Why

Theft of two diaries from a nurse’s car.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that data is kept physically secure both at home and in the workplace and that personal data is kept to the minimum required and anonymised where possible.

Reason for action

The diaries contained information the nurse might need off hours, but were kept, unsecured, in her car outside her home.

When

04 October 2011.

Links

View PDF of the Poole Hospital NHS Trust Undertaking (Via ICO Website)

View PDF of the Poole Hospital NHS Trust Undertaking (Breach Watch Archive)