Dartford and Gravesham NHS Trust

What

Accidental destruction of archived records containing sensitive personal data.

How much

10,000 records.

Why

Records accidentally placed in a disposal room.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that data is physically secure against destruction.

Reason for action

Due to a lack of space in archives, records were placed in a disposal room and accidentally disposed of.

When

04 October 2011.

Links

View PDF of the Dartford and Gravesham NHS Trust Undertaking (Via ICO Undertaking)

View PDF of the Dartford and Gravesham NHS Trust Undertaking (Breach Watch Archive)

Poole Hospital NHS Trust

What

Loss of sensitive personal data.

How much

240 records.

Why

Theft of two diaries from a nurse’s car.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that data is kept physically secure both at home and in the workplace and that personal data is kept to the minimum required and anonymised where possible.

Reason for action

The diaries contained information the nurse might need off hours, but were kept, unsecured, in her car outside her home.

When

04 October 2011.

Links

View PDF of the Poole Hospital NHS Trust Undertaking (Via ICO Website)

View PDF of the Poole Hospital NHS Trust Undertaking (Breach Watch Archive)

Royal Liverpool and Broadgreen University Hospitals NHS Trust

What

Loss of sensitive personal data on two occasions.

How much

22 records and 27 records.

Why

  • Ward handover sheets were discovered in a street near the hospital.
  • A clinic bag containing paper documents was stolen from a staff member’s car.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that staff are made aware of the requirements for keeping data secure.

Reason for action

Both occasions seem to have been caused by staff failing to take the proper precautions.

When

15 September 2011.

Links

View PDF of the Royal Liverpool and Broadgreen University Hospitals NHS Trust Undertaking (Via ICO Website)

View PDF of the Royal Liverpool and Broadgreen University Hospitals NHS Trust Undertaking (Breach Watch Archive)

Walsall Council

What

Accidental disposal of personal data.

How much

951 records.

Why

The appointed data processor accidentally disposed of postal vote statements in a skip.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that in the future a written contract exists between data processors and the controller.

Reason for action

There was no written contract between the data controller and the data processor.

When

09 September 2011.

Links

View PDF of the Walsall Council Undertaking (Via ICO Website)

View PDF of the Walsall Council Undertaking (Breach Watch Archive)

The Scottish Children’s Reporter Administration

What

Loss of sensitive personal data.

How much

10 records.

Why

An email containing sensitive information was sent to an unknown third party and nine case files were temporarily lost during a move.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that staff are made aware that they may not send data to personal email accounts.

Reason for action

Information was emailed despite a policy being in place that stated this could only be done if sent to an equally secure recipient. A filing cabinet was not checked for case files during a move.

When

02 September 2011.

Links

View PDF of the Scottish Children’s Reporter Administration Undertaking (Via ICO Website)

View PDF of the Scottish Children’s Reporter Administration Undertaking (Breach Watch Archive)

Kirklees Metropolitan Council

What

Personal data unnecessarily disclosed.

How much

18 records.

Why

Records left visible in an employee’s car.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that sufficient security measures are implemented and checked to prevent inappropriate disclosure of personal data.

Reason for action

Similar accidental disclosures had already occurred during the past year and insufficient measures had been put into place to prevent any recurrences.

When

29 July 2011.

Links

View PDF of the Kirklees Metropolitan Council Undertaking (Via ICO Website)

View PDF of the Kirklees Metropolitan Council Undertaking (Breach Watch Archive)

Northamptonshire Healthcare NHS Foundation Trust

What

Loss of sensitive personal data on two occasions.

How much

One record.

Why

A patient’s records had not been indexed.

Regulator

ICO

Regulatory action

Undertaking issued to ensure sufficient measures are put into place for the storage and security of physical records.

Reason for action

Not all records held by the data controller were indexed.

When

18 July 2011.

Links

View PDF of the Northamptonshire Healthcare NHS Foundation Trust Undertaking (Via ICO Website)

View PDF of the Northamptonshire Healthcare NHS Foundation Trust Undertaking (Breach Watch Archive)

Ms Raisa Saley, barrister at law

What

Loss of sensitive personal data.

How much

“Considerable”

Why

Loss of a bundle of legal papers while commuting by train.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that personal data would not be taken off site unless strictly necessary and that records are kept secure.

Reason for action

The records were taken off-site in an unlocked suitcase, which was then lost.

When

05 July 2011.

Links

View PDF of the Ms Raisa Saley Undertaking (Via ICO Website)

View PDF of the Ms Raisa Saley Undertaking (Breach Watch Archive)

The Ipswich Hospital NHS Trust

What

Loss of sensitive personal data.

How much

29 records.

Why

A member of staff lost patients’ records in a public place.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that personal data is kept sufficiently secure and that staff are made aware that the removal of such data without clearance is unacceptable.

Reason for action

The member of staff had recently joined the organisation and received no information governance training. This followed a similar loss of data the previous year.

When

01 July 2011.

Links

View PDF of the Ipswich Hospital NHS Trust Undertaking (Via ICO Website)

View PDF of the Ipswich Hospital NHS Trust Undertaking (Breach Watch Archive)

Surbiton Children’s Central Nursery

What

Loss of personal data.

How much

21 records.

Why

A teacher’s bag was stolen containing an unencrypted memory stick and paperwork.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that portable data devices are encrypted and that staff only take data off site when absolutely necessary.

Reason for action

The memory stick, containing personal data, was unencrypted.

When

14 June 2011.

Links

View PDF of the Surbiton Children’s Central Nursery Undertaking (Via ICO Website)

View PDF of the Surbiton Children’s Central Nursery Undertaking (Breach Watch Archive)