What
Loss of sensitive personal data.

How much
Approximately 33,000 records.

Why
An unencrypted laptop was stolen from a retinal screening vehicle.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that all portable media devices used to store or transmit personal data are suitably encrypted. Physical security measures must be adequate to prevent unauthorised access to personal data. Staff must be made aware of and trained to follow the data controller’s policy for the storage, use, or disposal of personal data.

Reason for action
The vehicle was left unlocked and unattended during the theft.

When
14 December 2009

Links
View PDF of the Southampton University Hospitals NHS Trust Undertaking (Breach Watch Archive)