Poor physical security controls lead to data breach at London hospital
Updated September 2011
The Information Commissioner's Office (ICO) has held one of London's largest private hospital groups, HCA International Limited, to account for poor physical security controls which led to a security breach in relation to patient data.
The hospital was required to give an undertaking to the ICO following the theft of two unencrypted laptops containing sensitive personal data relating to patients. Although the laptops were kept in a locked room within the hospital's administrative area, the key to the room was located in a neighbouring unlocked office. The information contained on the stolen laptops was considered "sensitive personal data" as it contained information as to the physical health and condition of the individuals concerned.
In accordance with the terms of the undertaking, the hospital will be required to ensure that physical security controls are improved in order to prevent subsequent unauthorised access to sensitive personal data.
This example is the latest in a string of data breaches involving the disclosure of sensitive personal data by UK health organisations. We recommend that all organisations handling sensitive personal information review their data protection procedures and consider whether further staff training is required, particularly with regard to the implementation of adequate security measures in relation to the storage of and access to such data.
If you require any assistance in relation to data protection matters, please contact Alison Deighton.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at September 2011. Specific advice should be sought for specific cases; we cannot be held responsible for any action (or decision not to take action) made in reliance upon the content of this publication.
TLT LLP is a limited liability partnership registered in England & Wales number OC 308658 whose registered office is at One Redcliff Street, Bristol BS1 6TP England. A list of members (all of whom are solicitors or lawyers) can be inspected by visiting the People section of this website. TLT LLP is authorised and regulated by the Solicitors Regulation Authority under number 406297.
Contact
Alison Deighton
Partner
Tel: +44 (0)117 917 8016