Another memory stick goes missing

Thursday, June 03, 2010

Lampeter Medical Practice in Wales has lost a memory stick with patient data on it after it was sent by post and never delivered.

A member of staff at the practice downloaded a database containing patient details in contravention of the practice's data protection policy. The information was placed onto a memory stick that was not encrypted and was not password protected.

The memory stick was then posted by recorded delivery to the Health Boards Business Service Centre but never arrived. The memory stick is now accepted to be lost.

Dr Rowena Mathew, head of practice at Lampeter, has signed a formal undertaking, agreeing to encrypt all mobile and portable devices.

Sally-anne Poole, enforcement group manager at the Information Commissioner's Office, said: "It is unnecessarily risky to download 8,000 personal details on to a memory stick. It is imperative that staff are made fully aware of an organisation's policy for securing personal data and any portable device containing personal information should always be encrypted to prevent it being accessed in the event of loss or theft. I am pleased Lampeter Medical Practice has agreed to take action to prevent a similar security breach happening again."