A formal Undertaking has been signed by Royal Wolverhampton Hospitals NHS Trust after the loss of over 100 of its patient records. The Information Commissioner’s enquiries revealed weaknesses in procedures and some of the data involved information concerning the physical or mental health or condition of individuals. A CD containing sensitive personal data was discovered at a bus stop near the hospital and was unencrypted with no password protection. This is one of a string of recent data loss incidents and should serve as a wake up call to all FE and HE institutions to review data handling and security
procedures in order to ensure compliance with appropriate data protection principles and the effectiveness of their data protection governance activities. The key elements of a review are ‘adequacy’ and ‘compliance’ audits which focus on the documented policies and procedures and how they have been applied and are working within the institution. Further details of the particular case can be found on the Enforcement page of the Information Commissioner’s website at - http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx.