Two NHS trusts rapped over data losses

  • 23 January 2009

The Information Commisioner’s Office has taken enforecment action against two NHS trusts for data losses that placed them in breach of the Data Protection Act.

The ICO found Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and Wear Valleys NHS Foundation Trust were both in breach of the DPA for failing to secure patient data.

The two trusts have been required to sign formal Undertakings outlining that they will process personal information in the future. Failure to meet the terms of the Undertaking is likely to lead to further enforcement action by the ICO.

An unencrypted laptop containing the sensitive personal data of approximately 5,000 patients, including some health records, was stolen from the Abertawe Bro Morgannwg University NHS Trust.

Tees, Esk and Wear Valleys NHS Foundation Trust lost an unencrypted memory stick containing sensitive personal information relating to patients and Trust staff. The data stick was later returned to the trust.

The trusts will now implement a number of security measures to protect personal information more effectively. With immediate effect, all portable and mobile devices used to store and transmit personal data will be encrypted.

Mick Gorrill, Assistant Information Commissioner at the ICO, said: “Both these cases highlight the importance of implementing the appropriate safeguards to ensure sensitive personal details about patients are processed securely. Even though one case involved the theft of a laptop, the data controller (Abertawe Bro Morgannwg University NHS Trust) is responsible for ensuring any personal data is adequately protected.”

At the end of November the ICO found two Scottish Health Boards, NHS Tayside and NHS Lanarkshire, in breach of the DPA and required them to sign similar Undertakings.

Link

The Undertakings

NHS Tayside and Lanarkshire guilty of data breaches

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

WHO launches collaborative network for data and digital health

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.
Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield NHS Foundation Trust has achieved a stage 6 validation from HIMSS for its use of data and approach to data science.
ICO guidance on transparency published for health and care sector

ICO guidance on transparency published for health and care sector

New guidance has been issued by ICO over how health and care organisations should be transparent over the use of personal information.