NHS employees failed to comply with data security requirements according to an Undertaking, signed by James Barbour, the Chief Executive of NHS Lothian.
The Information Commissioner’s Office (ICO) has found NHS Lothian in breach of the Data Protection Act after an unencrypted memory stick was lost and some paper files were temporarily left in a shop. The paper records included details on home based patients. The memory stick, which contained personal details about 137 patients, belonged to an employee and should not have been used to store personal data held by NHS Lothian. In both cases the employees involved failed to comply with NHS Lothian security arrangements.
Source: Information Commissioner’s Office (pdf)