Loss of sensitive personal data.
Six laptops were stolen from a secure area within the hospital on two separate occasions. In a separate incident a small number of paper records were lost.
Undertaking issued to ensure that all mobile data storage devices are sufficiently encrypted. Measures must be taken to ensure the physical security of all such devices containing personal information. All staff must be made aware of the data controller’s policy for the storage of personal data and be trained to follow it.
Reason for action
One of laptops was unencrypted despite containing sensitive personal data.
29 July 2009