Mark Hackett, chief executive of Southampton University Hospital NHS Trust, has promised to deal properly with data security after one of his staff lost a laptop computer with 33,000 patients' records on it.
The laptop was left unattended in a retinal scan van. It was password protected but not encrypted. It was attached to the van by cable but this was cut during the theft.
Sally-Anne Poole, head of investigations at the Information Commissioner's Office, said: “Storing large volumes of personal information on portable devices is unnecessarily risky. Why were so many records downloaded on to an unencrypted laptop in the first place? It is vital that NHS organisations ensure their staff handle personal information securely,".
The theft happened last October.
Hackett promised the ICO he would make sure encryption was used on all mobile and portable devices, that physical security is enough to stop unauthorised access to data, that his staff know the rules and are properly trained in keeping data safe. ®