Chief executive Mark Hackett's formal undertaking follows an incident in October last year when a member of staff left an unencrypted laptop containing personal information in a retinal screening vehicle.
The unlocked vehicle had been parked when the laptop, with about 33,000 password protected patient records, including details about patients' type of diabetes and results of retinal screening tests, was stolen. The thief cut through a security cable which attached the device to the vehicle.
The Information Commissioner's Office (ICO) said on 22 January 2010 that the trust had breached the Data Protection Act.
Storing large volumes of personal information on portable devices is unnecessarily risky, said Sally-Anne Poole, head of investigations at the ICO. "Why were so many records downloaded on to an unencrypted laptop in the first place?" she asked.
"It is vital that NHS organisations ensure their staff handle personal information securely, especially where so much sensitive personal information is concerned," Poole said, adding that she was pleased the trust had taken action to guard against security breaches of this type in future.
The ICO is urging senior executives of organisations to sign up to its "Personal Information Promise", as a demonstration of their commitment to protect personal details. Organisations which have signed already include schools, police services, councils and government IT suppliers Fujitsu and Oracle.
Comments
There are no comments yet for this article.