Two NHS trusts rapped over data losses

  • 23 January 2009

The Information Commisioner’s Office has taken enforecment action against two NHS trusts for data losses that placed them in breach of the Data Protection Act.

The ICO found Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and Wear Valleys NHS Foundation Trust were both in breach of the DPA for failing to secure patient data.

The two trusts have been required to sign formal Undertakings outlining that they will process personal information in the future. Failure to meet the terms of the Undertaking is likely to lead to further enforcement action by the ICO.

An unencrypted laptop containing the sensitive personal data of approximately 5,000 patients, including some health records, was stolen from the Abertawe Bro Morgannwg University NHS Trust.

Tees, Esk and Wear Valleys NHS Foundation Trust lost an unencrypted memory stick containing sensitive personal information relating to patients and Trust staff. The data stick was later returned to the trust.

The trusts will now implement a number of security measures to protect personal information more effectively. With immediate effect, all portable and mobile devices used to store and transmit personal data will be encrypted.

Mick Gorrill, Assistant Information Commissioner at the ICO, said: “Both these cases highlight the importance of implementing the appropriate safeguards to ensure sensitive personal details about patients are processed securely. Even though one case involved the theft of a laptop, the data controller (Abertawe Bro Morgannwg University NHS Trust) is responsible for ensuring any personal data is adequately protected.”

At the end of November the ICO found two Scottish Health Boards, NHS Tayside and NHS Lanarkshire, in breach of the DPA and required them to sign similar Undertakings.

Link

The Undertakings

NHS Tayside and Lanarkshire guilty of data breaches

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Advanced fined £6m over stolen patient data in 2022 cyber attack

Advanced fined £6m over stolen patient data in 2022 cyber attack

The Information Commissioner’s Office has imposed a £6.09m fine on Advanced for failing to protect personal information during a cyber attack.
Health tech can help reframe ageing as an opportunity not a problem

Health tech can help reframe ageing as an opportunity not a problem

Edinburgh's new Global Research Institute in Health and Care Technologies is working on solutions that will enable more people to age well, writes Professor Alan…
WHO launches collaborative network for data and digital health

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.