What
Loss of sensitive personal data.
How much
1,000 records.
Why
Two desktop computers were stolen from premises with minimal security.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that portable media devices and laptops containing personal data are suitably encrypted and password protected. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage or use of personal data.
Reason for action
The desktop computers were both unencrypted and without password protection. The data held on these computers should have been held on a network server. The premises where the computers were stored had no intruder alarm or security locks.
When
3 November 2009
Links
View PDF of the Great Yarmouth & Waveney Primary Care Trust Undertaking (Breach Watch Archive)