08/06/2009

Salford Royal NHS Foundation Trust has been found to be in breach of the Data Protection Act.

The Information Commissioner's Office (ICO) made the decision after the trust reported that the details of 3,500 patients were lost following the theft of a computer.

Although the desktop computer was protected by a password, it was not encrypted or physically secured to a desk.

Mick Gorrill, assistant information commissioner at the ICO, said: 'The stolen computer contained sensitive personal details on patients. The trust should handle all personal information, particularly sensitive details, in compliance with the Data Protection Act.

'I am increasingly concerned about the way some NHS organisations are failing to securely hold people's health and personal information. Organisations must implement appropriate safeguards to ensure personal details about patients do not fall into the wrong hands.'

Salford Royal has signed an undertaking agreeing to roll out better security measures.