The Information Commissioner's Office (ICO) has found a third
NHS trust in breach of the Data Protection Act within a month.
The latest enforcement action is against Brent Teaching Primary
Care Trust over the theft of two laptops containing personal
information about 389 patients.
The laptops were stored in a locked office, but were left out on
a desk in breach of the trust's security procedures and were not
encrypted.
Brent PCT has signed
a formal undertaking to process personal information in line
with the Data Protection Act.
Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and
Wear Valleys NHS Foundation Trust
signed similar agreements in January.
The ICO has ordered a number of other organisations to sign
undertakings following breaches of the Data Protection Act.
Organisations include the
Home Office, Department of Health, Foreign and Commonwealth
Office and Orange Personal Communications Services.
Mick Gorrill, assistant information commissioner, said the ICO
was concerned about the way some NHS organisations are transferring
sensitive records onto laptops and other mobile devices that are
not encrypted.
"Organisations need to ensure they implement appropriate
safeguards to ensure personal details about patients are processed
securely," he said.
The Brent Teaching Primary Care Trust has undertaken to ensure
staff are adequately trained and to encrypt all portable and mobile
devices used to store and transmit personal information.
Failure to meet the terms of the undertaking is likely to lead
to further enforcement action by the ICO, said Gorrill.