NHS chief's security pledge after laptop theft

25 Jan 2010

The head of an NHS trust in Southampton has promised a review of data security policy after a staff member's laptop containing records of 33,000 patients was stolen last October.

Mark Hackett, chief executive of Southampton University Hospital NHS Trust, said security measures would be tightened after the incident in which an unencrypted, password-protected device was stolen from a retinal scan van.

However, Sally-Anne Poole, head of investigations at the Information Commissioner's Office (ICO), said storing large volumes of sensitive data on one device was "unnecessarily risky", warning that data security must be made a top priority for NHS bosses.

Ms Poole said: "Storing large volumes of personal information on portable devices is unnecessarily risky. Why were so many records downloaded on to an unencrypted laptop in the first place? It is vital that NHS organisations ensure their staff handle personal information securely."

Mr Hackett promised the ICO he would make sure encryption was used on all mobile and portable devices, that physical security is enough to stop unauthorised access to data, that his staff know the rules and are properly trained in keeping data safe