Log In
Saturday 17th March 2018

Two trusts in trouble over data losses

26th January 2009

The Information Commisioner’s Office (ICO) has said two health service trusts have breached the Data Protection Act because they lost sensitive information.


Abertawe Bro Morgannwg University NHS Trust had a laptop stolen which was not encrypted and contained the data of around 5,000 patients.

Tees, Esk and Wear Valleys NHS Foundation Trust were guilty of losing an unencrypted memory stick which had patients and staff data stored on it, although it was given back to the trust at a later date.

The ICO said Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and Wear Valleys NHS Foundation Trust had not secured patient records and as a result both had to sign "formal undertakings".

These undertakings require the trusts to outline how they will act to protect patients' records. If the trusts do not satisfy the requirements of the undertaking then they may face further action by the ICO.

The trusts now need to put in place rules to ensure patient data is stored securely, including the encryption of "all portable and mobile devices" which store patient information.

Mick Gorrill, Assistant Information Commissioner at the ICO, said: "Both these cases highlight the importance of implementing the appropriate safeguards to ensure sensitive personal details about patients are processed securely. Even though one case involved the theft of a laptop, the data controller is responsible for ensuring any personal data is adequately protected."


Share this page


There are no comments for this article, be the first to comment!

Post your comment

Only registered users can comment. Fill in your e-mail address for quick registration.

Your email address:

Your comment will be checked by a Healthcare Today moderator before it is published on the site.

Mayden - Innovative cloud-based web development for the healthcare sector
© Mayden Foundation 2018