St Georges Healthcare NHS Trust

Loss of sensitive personal data.

How much
22,000 records.

6 unencrypted laptops containing the personal data of a number of patients were stolen from a locked office.


Regulatory action
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of personal data. Mobile media devices must be encrypted to a suitable standard. Adequate checks must be carried out on contractor’s staff. All staff must receive adequate data protection training.

Reason for action
Due to network connection problems patient data had been stored on laptop C drives contrary to Trust policy and was not encrypted.

27 March 2009

View PDF of the St Georges Healthcare NHS Trust Undertaking (Breach Watch Archive)