Whitehead Nursing Home fined £15,000 over stolen computer data breach
A nursing home has been fined for a data breach after a computer containing sensitive details about staff and patients was stolen.
Whitehead Nursing Home, County Antrim, was fined £15,000 after an unencrypted laptop was taken from the home of a staff member.
The Information Commissioner's Office (ICO) launched an investigation into the incident.
It said it found "systematic failings" at the home.
The home said it was "surprised and disappointed" by the ruling.
The stolen computer held medical information on 29 residents, including mental and physical health and 'do not resuscitate' orders.
It also stored data on 46 staff, including reasons for sickness, absence and information about disciplinary matters.
Ken Macdonald, head of ICO Regions, said: "This nursing home put its employees and residents at risk by failing to follow basic procedures to properly manage and look after the personal information in its care.
Mr Macdonald said the nursing home did not have any policies in place regarding the use of encryption, working from home and the storage of mobile devices, or provide enough data security training.
"Our investigation revealed major flaws in the nursing home's approach to data protection," he said.
"Whitehead Nursing Home had totally inadequate provisions for IT security and procedure and poor data protection training."
In a statement, Whitehead Nursing Home said the laptop was "password protect to restrict access to unauthorised persons, however, the technical breach was in relation to the lack of full encryption".
"We are very disappointed in their decision given that we self-referred the matter, co-operated fully with them throughout the investigation process and put in place rigorous training, policies and procedures to ensure compliance with the Data Protection Act."
It added: "At the time of the theft, staff, the clients in Whitehead Nursing Home and their families were also informed of the breach, none of which have made a complaint to the company and, to date, we have no confirmation an actual data breach occurred."
Alliance Party MLA Stewart Dickson said that "serious lessons" must be learned from the incident.
"The fine issued by the Information Commissioner's Office demonstrates the seriousness of this matter.
"My thoughts are with the families and loved ones of those affected, who must be incredibly distressed by this incident."