The Information Commissioner's Office (ICO) has found two NHS trusts in breach of the Data Protection Act.
The Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and Wear Valleys NHS Foundation Trust have both signed formal undertakings to conform to the Data Protection Act.
The ICO has ordered a number of organisations to sign undertakings following breaches of the Data Protection Act.
Organisations include the Home Office, Department of Health, Foreign and Commonwealth Office and Orange Personal Communications Services.
"The Data Protection Act clearly states that organisations must take appropriate measures to ensure that personal information is kept secure," the ICO said in a statement.
The trusts will implement a number of security measures to protect personal information more effectively.
With immediate effect, all portable and mobile devices used to store and transmit personal data will be encrypted.
An unencrypted laptop containing the sensitive personal data of 5,000 patients, including some health records, was stolen from the Abertawe Bro Morgannwg University NHS Trust.
Tees, Esk and Wear Valleys NHS Foundation Trust informed the ICO that an unencrypted memory stick had been lost containing sensitive personal information relating to patients and staff.
The memory stick was later recovered.
Mick Gorrill, assistant information commissioner at the ICO, said both these cases highlight the importance of implementing the appropriate safeguards to ensure sensitive personal details about patients are processed securely.
"Even though one case involved the theft of a laptop, the data controller (Abertawe Bro Morgannwg University NHS Trust) is responsible for ensuring any personal data is adequately protected.
"The Data Protection Act clearly states that organisations must take appropriate measures to ensure that personal information is kept secure," he said.
Failure to meet the terms of the undertaking is likely to lead to further enforcement action, the ICO said in a statement.