What
Loss of sensitive personal data.
How much
20,000 records.
Why
An unencrypted disc containing patient information was discovered to be missing.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.
Reason for action
The disc was not encrypted and the member of staff responsible for downloaded the data was believed to have known of its loss for five months before reporting it. It’s whereabouts and the precise circumstances regarding its loss are unknown.
When
8 June 2009
Links
View PDF of the Royal Hampstead NHS Trust Undertaking (Breach Watch Archive)