UK’s Information Commissioner’s Office announced today in a press release that The University Hospital of South Manchester NHS Foundation Trust breached the Data Protection Act by losing sensitive personal information relating to the treatment of 87 patients.
The information was lost after a medical student – who had been on a placement at the hospital’s Burns and Plastics Department – copied data onto a personal, unencrypted memory stick for research purposes. The memory stick was then lost by the student during a subsequent placement in December last year.
The ICO’s investigation uncovered that the hospital had assumed that the student had received data protection training at medical school and therefore did not provide them with the induction training given to their own staff.
The hospital has now agreed to take significant steps to ensure that the personal information accessed by students working at the hospital is kept secure. This includes making sure all students are aware of data protection policies.