NHS Education for Scotland (NES) has agreed to improve data security after it informed the Information Commissioner’s Office (ICO) of a data breach involving the theft of an unencrypted laptop containing the personal information of 6377 applicants for medical training positions.
The information included names, addresses, phone numbers and summaries of the applicants, as well as monitoring information relating to equality and diversity. Malcolm Wright, Chief Executive of NES, has signed an Undertaking confirming that the organization will take a number of steps to ensure personal information is kept safe and secure in the future.
Ken Macdonald, Assistant Information Commissioner – Scotland, said: “Password protected laptops are not secure. I urge all organizations to restrict and encrypt the amount of personal information stored on portable devices that can be taken off site. In this case, the stolen laptop contained sensitive personal information including equality and diversity information. If personal details fall into the wrong hands, individuals can experience considerable distress. Safeguarding sensitive personal information is an important principle of the Data Protection Act. This case serves as a reminder that all organizations and their executive teams need to ensure that data protection is treated as an important part of corporate governance.
A copy of the Undertaking can be downloaded from
http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx
Source: ICO Press Release