- Smart Healthcare, Friday 6 February 2009 17.40 GMT
Brent Teaching Primary Care Trust has been required to sign a formal agreement that in future it will process personal information in line with the Data Protection Act. It will also have to ensure that its staff are adequately trained and all portable and mobile devices used to store and transmit personal information are encrypted.
Although the laptops had been stored in a locked office, they were left out on a desk and stolen. Furthermore, the senstiive data was not encrypted. The ICO said that Brent's actions breached the Data Protection Act and its own security procedures.
Mick Gorrill, the assistant information commissioner, said that although the number of people affected was relatively small, some of the information was of a private nature.
"I am increasingly concerned about the way some NHS organisations are transferring sensitive records onto laptops and other mobile devices that are not encrypted," he said. "Organisations need to ensure they implement appropriate safeguards to ensure personal details about patients are processed securely."
