The Information Commissioner’s Office (ICO) has found Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and Wear Valleys NHS Foundation Trust in breach of the Data Protection Act.
The ICO has required both NHS Trusts to sign formal Undertakings outlining that they will process personal information in line with the Data Protection Act. The Trusts will implement a number of security measures to protect personal information more effectively. With immediate effect, all portable and mobile devices used to store and transmit personal data will be encrypted.
An unencrypted laptop containing the sensitive personal data of approximately 5,000 patients, including some health records, was stolen from the Abertawe Bro Morgannwg University NHS Trust.
Tees, Esk and Wear Valleys NHS Foundation Trust informed the ICO that an unencrypted memory stick containing sensitive personal information relating to patients and Trust staff had been lost. The Trust initiated its own investigation after the data stick was returned to the Trust.
Mick Gorrill, Assistant Information Commissioner at the ICO, said: “Both these cases highlight the importance of implementing the appropriate safeguards to ensure sensitive personal details about patients are processed securely. Even though one case involved the theft of a laptop, the data controller (Abertawe Bro Morgannwg University NHS Trust) is responsible for ensuring any personal data is adequately protected.
“The Data Protection Act clearly states that organisations must take appropriate measures to ensure that personal information is kept secure.”
www.ico.gov.uk