Hospital trusts have been told of the importance of data security after the Information Commissioner’s Office found five more organisations in breach of the Data Protection Act.

It emerged that the Royal Free Hampstead NHS Trust had lost an unencrypted compact disk containing the 20,000 cardiology patients` details.

An unencrypted memory stick was stolen from the Chelsea and Westminster Hospital Foundation trust, containing sensitive medical information of 143 patients.

The ICO also found that Epsom and St Helier University Hospital NHS Foundation trust had been storing hospital records insecurely for two years.

And a ward handover sheet, containing information relating to 23 patients in the care of Surrey and Sussex NHS trust, was found on a bus. Two laptop computers were also reported as stolen by the trust.

Another laptop, which was unencrypted, holding the personal data of 349 patients and 258 staff, was stolen from Hampshire Partnership NHS trust.

Sally-anne Poole, head of enforcement and investigations at the ICO, said: “Data protection must be a matter of good corporate governance and executive teams must ensure they have the right procedures in place to properly protect the personal information entrusted to them.”