The Information Commissioner’s Office (ICO) has found the Lampeter Medical Practice to be in breach of the Data Protection Act after data relating to 8,000 patients was lost. In March 2010 a download of personal information was made by a member of staff contrary to the policy of the practice. The information was kept on an unencrypted memory stick which did not have any password protection either. The stick was posted to the Health Boards Business Service Centre but never arrived.

Dr Rowena Mathew, Head of Practice of Lampeter Medical Practice, has agreed to take remedial action by ensuring that sufficient steps are taken to ensure a security breach doesn’t occur again. This includes ensuring all mobile devices including laptops and memory sticks are encrypted, ensuring physical security measures are sufficient and making staff fully aware of the organisations’ data security policy.