- Smart Healthcare, Friday 23 January 2009 17.15 GMT
Abertawe Bro Morgannwg University Trust and Tees, Esk and Wear Valleys Foundation Trust will both sign formal undertakings to process personal information in line with the Data Protection Act. Both will move immediately to encrypt portable and mobile devices which handle personal data.
The decision follows losses of personal data by both trusts. A thief stole an unencrypted laptop containing data on around 5,000 patients from Abertawe Bro Morgannwg, some of which the ICO said was sensitive.
Tees, Esk and Wear Valleys told the ICO that it had lost a memory stick containing sensitive information on both patients and staff, although this was later returned.
"Both these cases highlight the importance of implementing the appropriate safeguards to ensure sensitive personal details about patients are processed securely," said Mick Gorrill, assistant information commissioner. "Even though one case involved the theft of a laptop, the data controller (Abertawe Bro Morgannwg University NHS Trust) is responsible for ensuring any personal data is adequately protected."
The decisions follow the ICO's enforcement action against the Home Office following its contractor PA Consulting's loss of an unencrypted memory stick containing data on tens of thousands of prisoners and those with criminal records.
