Nightingale Practice

Loss sensitive of personal data.

How much
7,700 records.

10 back up tapes and a USB portable hard drive were stolen. The USB hard drive and five of the back up tapes were not encrypted.


Regulatory action
Undertaking issued to ensure that the physical security of personal data be ensured. All portable media devices containing personal data must be encrypted. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.

Reason for action
Physical security was adequate, as the devices were kept in a locked firesafe in a locked and alarmed environment, but the lack of encryption was unacceptable.

10 July 2009

View PDF of the Nightingale Practice Undertaking (Breach Watch Archive)