'Sensitive' patient details on memory stick lost
- 18 January 2012
- From the section Northern Ireland
A care provider has lost a memory stick that held sensitive personal information about 53 people from Northern Ireland.
Praxis Care Limited lost the unencrypted material last August but the details have just emerged.
The company has been found to be in breach of the Data Protection Act and has been ordered by the Information Commissioner to improve its procedures.
All of those whose information was on the memory stick have been informed.
It was lost on the Isle of Man and also contained information about 107 people who live on the island.
Some of the information on the memory stick related to patients' care and mental health.
The company now ensures all portable devices are encrypted and has updated its method of disposing of sensitive material.
Christopher Graham, the UK Information Commissioner, said: "Carrying people's personal information around on an unencrypted memory stick is clearly unacceptable.
"The fact that some of the personal details stored on the device were out of date and so surplus to requirements makes this breach all the more concerning.
"The ICO will continue to work closely with other data protection regulators where it is clear that a data breach extends across national boundaries."
In a statement, Praxis Care said: "Praxis Care can confirm it has agreed with the Information Commissioner measures to improve data security following the loss of service user information in August 2011 on the Isle of Man.
"The main element of the undertaking confirms the measures taken shortly after the incident to encrypt data and improve data handling.
"The data loss was promptly reported to the relevant authorities including the Information Commissioner. All service users affected were informed of the details of the lost information and received an apology from Praxis Care.
"Praxis Care is confident that the measures taken will greatly reduce the risk of future information loss."