European Data Protection Digest

Trust Loses USB stick

DATA LOSS—UK

September 24, 2010

The Information Commissioner's Office (ICO) has found East & North Hertfordshire NHS Trust to be in breach of the Data Protection Act after an unencrypted USB stick containing sensitive personal data was lost on a train. The USB stick contained details on patients' conditions and medications and has not yet been recovered. An ICO investigation revealed that the trust's policies on the use of personal USB sticks were not clear and that no technical measures were in place to prevent misuse of portable devices. The trust has signed an undertaking to improve security measures. ICO Head of Enforcement Mick Gorrill said, "Storing sensitive personal data on unencrypted data sticks is a risk trusts should not be willing to take."
Full Story