Mid Staffordshire Foundation Trust chief executive Antony Sumara has pledged to adopt a range of security improvements, after the trust breached the Data Protection Act when a member of the HR team transferred personal information about a trust employee to their home computer, including information relating to a previous criminal conviction.
The new measures will include rules for staff on transferring personal information in order to work from home.
Assistant information commissioner Mick Gorrill said the incident “should never have occurred and could easily have been averted”.
“I strongly advise organisations to avoid instances where employees can download and transfer personal information to home computers,” he said.
“If personal details fall into the wrong hands, individuals can experience considerable distress. It is vital that personal information is handled securely, especially where sensitive personal information, such as conviction data, is concerned,” he added.
Guidance from the Information Commissioner’s Office on managing breaches can be downloaded from the ICO website.