The Information Commissioner’s Office has taken enforcement action against another NHS body for a breach of the Data Protection Act.
Hastings and Rother Primary Care Trust has become the eighth health service organisation since November and the second PCT this month to be asked to sign a formal undertaking to comply with the DPA following a breach.
Brent PCT was asked to sign such an undertaking earlier this month, following the theft of two laptops containing unencrypted patient data.
Hastings and Rother PCT had also suffered the theft of a laptop holding sensitive personal details. The ICO said the building in which the computer was kept did not have adequate security measures in place, allowing a thief to gain entry via scaffolding.
The PCT did not own the building and had raised concerns about its lack of physical security, but it had failed to take adequate measures to protect the personal data held there.
The PCT has said it will now ensure that all staff are adequately trained and that it will encrypt all office equipment and mobile devices used to store and transmit personal information.
Mick Gorrill, assistant information commissioner, said he was “increasingly concerned” about the way that some NHS organisations were failing to hold people’s health and personal information securely.
“Organisations must implement appropriate safeguards to ensure personal details about patients are processed securely,” he said.