- Smart Healthcare, Friday 13 February 2009 17.43 GMT
It follows an incident in which a computer was stolen from the trust containing sensitive personal information on patients. The building where the computer was kept did not have adequate security measures in place and the data controller had previously expressed concern over the lack of physical security.
The ICO has required Hastings and Rother PCT to sign a formal undertaking that it will process personal information in line with the Data Protection Act. The PCT will ensure staff are adequately trained and will encrypt all office equipment and mobile devices used to store and transmit personal information.
This is the eighth time the ICO has taken enforcement action against an NHS organisation for breaching the Data Protection Act since November 2008.
Mick Gorrill, assistant information commissioner, said: "I am increasingly concerned about the way some NHS organisations are failing to securely hold people's health and personal information. Organisations must implement appropriate safeguards to ensure personal details about patients are processed securely."
