Following a violation of the Data Protection Act, the Information Commissioner’s Office (ICO) has taken enforcement action against an NHS organisation for the eighth time since November 2008.
Enforcement action has been taken against Hastings and Rother Primary Care Trust (PCT) for a breach of the Data Protection Act.
A computer containing sensitive personal information about patients was stolen from the premises of Hastings and Rother Primary Care Trust. The building from which the computer was stolen did not have satisfactory security measures in place. The data controller had previously expressed concern over the absence of physical security at the PCT.
Hastings and Rother PCT is required by the Information Commissioner’s Office to sign a formal undertaking, which will outline that all personal information will be processed in accordance with the Data Protection Act. In addition, Hastings and Rother PCT will have to ensure that staff are well trained and that all mobile devices and office equipment used to store and transmit personal information are encrypted.
The computer stolen from the PCT building contained sensitive information on patients. To prevent incidents of cyber crime such as identity theft or credit fraud, it is important to store such confidential information securely and keep it properly protected. The best method of storing confidential information is to have a secure online data backup at a remote offsite server.