Glouchestershire Primary Care Trust

What
Loss of sensitive personal data.

How much
About 2,270 records.

Why
Six unencrypted desktop computers containing personal data relating to 2,270 patients were stolen from a locked office.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that portable media devices and laptops containing personal data are suitably encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage or use of personal data.

Reason for action
The computers were password protected but not encrypted. The patient data should have been held on a local server rather than on the hard drives of the stolen computers.

When
15 October 2009

Links
View PDF of the Glouchestershire Primary Care Trust Undertaking (Breach Watch Archive)