A laptop loss by the Welsh NHS trust could have easily been avoided.

 

Credant Technologies claimed that the incident could have easily been avoided had the trust used encryption technology.

 

The trust was found in breach of the Data Protection Act for losing and failing to secure unencrypted information concerning 5,000 patients in Bridgend, Neath Port Talbot and Swansea. A laptop containing information about the patients, including health records, was stolen from premises of Abertawe Bro Morgannwg University trust in April.

 

Michael Callahan, Credant's vice president, said: “The Information Commissioner's Office has quite rightly found the Abertawe Bro Morgannwg trust to be in breach of the DPA for losing the data on the South Wales patients in its area. It's good to see that the ICO has elicited an agreement with the trust to encrypt all of its patient data in future, and step up IT security generally.”

 

Callahan said that had the trust used encryption on the laptop, in line with security policies in a growing number of companies in the private sector, then the embarrassment and possible litigation from the patients concerned could have been avoided.

 

Callahan said: “Criminals are becoming highly sophisticated in their approach to IT these days. They are becoming aware of the value of the data on the notebook's hard drive, as well as the inherent value of the hardware, so anyone storing sensitive data on notebooks should use encryption as a matter of routine.”