The Information Commissioner's Office (ICO) has found an Ipswich doctor in breach of the Data Protection Act for failing to secure a computer containing patient information.
The computer, which also contained employee details, was found in a car park by an employee of Suffolk Primary Care Trust.
Dr Paul Thomas, of Gipping Valley Practice, has signed an undertaking to keep personal information securely.
He has also committed to ensuring that the decommissioning process of computers is completed properly to maintain the security of personal information.
Sally-Anne Poole, Head of Enforcement and Investigations at the ICO, said it is vital that sensitive personal information, such as patient information, is handled securely.
"This is an important principle of the Data Protection Act. I am pleased that Dr Thomas is taking remedial action to improve data security," she said.
This year the ICO has taken action against several NHS trusts for failing to comply with the Data Protection Act.