The computer was taken from an unlocked office at a Swansea hospital

An NHS trust serving people across south Wales has been criticised after a laptop with details of about 5,000 patients were stolen.

Abertawe Bro Morgannwg University NHS Trust was found to have breached data protection laws.

The computer, which had patient medical records on it which were not encrypted, was stolen from an unlocked office.

The trust has now signed an agreement to encrypt all data in future and improve security.

The health trust serves patients in Swansea, Neath Port Talbot and Bridgend.

The laptop was stolen by an "opportunistic thief" from an unlocked management office at Singleton Hospital in Swansea last April.

Appropriate safeguards

It is understood the computer was taken outside normal working hours.

In a separate case, a trust in the north of England, Tees, Esk and Wear Valleys NHS Foundation Trust was also criticised by the Information Commissioner's Office (ICO) for losing a data stick containing patient information.

Mick Gorrill, Assistant Information Commissioner at the ICO, said: "Both these cases highlight the importance of implementing the appropriate safeguards to ensure sensitive personal details about patients are processed securely.

"Even though one case involved the theft of a laptop, the data controller (Abertawe Bro Morgannwg University NHS Trust) is responsible for ensuring any personal data is adequately protected.

"The Data Protection Act clearly states that organisations must take appropriate measures to ensure that personal information is kept secure.

Password protected

"Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and Wear Valleys NHS Foundation Trust recognise the seriousness of these data losses and have agreed to take immediate remedial action," Mr Gorrill added.

Abertawe Bro Morgannwg NHS Trust issued a statement saying: "The theft took place outside of normal office hours, at a time when the offices would normally be unoccupied and the rooms locked.

"The laptop contained patient identifiable information, but this information was password protected. In addition, documents stored on the hard drive were also password protected."

The trust said it had taken a number of measures to improve security and encryption.



