The Information Commissioner's Office (ICO) has found a healthcare recruitment agency in breach of the Data Protection Act for losing a hard drive containing doctors' personal data.
Healthcare Locums (HCL) reported the breach after a hard drive containing doctors' security clearance and visa information was returned after it was sold on an online auction site.
The hard drive was lost after it was transferred between HCL branches, but the company did not know it was missing until it was returned by the person who bought it on the auction site.
This breach highlights the importance of making sure personal information is transported in a way that complies with the Data Protection Act, said Sally Anne Poole, enforcement group manager at the ICO.
"I am pleased that Healthcare Locums is taking remedial steps to make sure incidents like this one do not happen again," she said.
Mo Dedat, chief operating officer of Healthcare Locums, has signed a formal undertaking to ensure contracts are put in place between the organisation and any contractors it uses to process personal data on its behalf.
Healthcare Locums will also ensure that itineraries of equipment used to process personal data are maintained and updated in order to ensure any similar incidents are detected quickly and handled appropriately.