
The Information Commissioner's Office (ICO) has found
two NHS trusts in breach of the Data Protection Act.
The Abertawe Bro Morgannwg University NHS Trust and Tees, Esk
and Wear Valleys NHS Foundation Trust have both signed formal
undertakings to conform to the Data Protection Act.
The ICO has ordered a number of organisations to sign
undertakings following breaches of the Data Protection Act.
These organisations include the
Home Office, Department of Health, Foreign and Commonwealth
Office and Orange Personal Communications Services.
"The Data Protection Act clearly states that organisations must
take appropriate measures to ensure that personal information is
kept secure," the ICO said in a statement.
The trusts will implement a number of security measures to
protect personal information more effectively.
With immediate effect, all portable and mobile devices used to
store and transmit personal data will be encrypted.
An unencrypted laptop containing the sensitive personal data of
5,000 patients, including some health records, was stolen from the
Abertawe Bro Morgannwg University NHS Trust.
Tees, Esk and Wear Valleys NHS Foundation Trust informed the ICO
that an unencrypted memory stick containing sensitive personal
information relating to patients and staff had been lost.
The memory stick was later recovered.
Mick Gorrill, assistant information commissioner at the ICO,
said both these cases highlight the importance of implementing the
appropriate safeguards to ensure sensitive personal details about
patients are processed securely.
"Even though one case involved the theft of a laptop, the data
controller (Abertawe Bro Morgannwg University NHS Trust) is
responsible for ensuring any personal data is adequately
protected.
"The Data Protection Act clearly states that organisations must
take appropriate measures to ensure that personal information is
kept secure," he said.
Failure to meet the terms of the undertaking is likely to lead
to further enforcement action, the ICO said in a statement.