Yet another NHS group has been given a slap on the wrist by the Information Commissioner's Office (ICO) for a breach of the Data Protection Act.
The incident occurred at Forth Valley NHS Board in Scotland when a member of staff loaded "sensitive personal data" relating to staff and patients onto an unencrypted memory stick with no password protection, which was then lost or stolen.
The chief executive of the Forth Valley NHS Board has been forced to sign a formal undertaking (PDF) agreeing that the organisation will only use devices issued directly to staff for the processing of personal data.
Staff will also be given training on data handling, and the Board has agreed to implement security measures to protect personal information more effectively, including making sure that data cannot be uploaded to unauthorised devices.
Ken Macdonald, assistant commissioner for the ICO in Scotland, argued that the incident highlights the importance of adhering to the Data Protection Act and educating staff.
"All staff members should be fully aware of the policies and procedures in place to safeguard personal information to stop it falling into the wrong hands," he said.
The loss is the latest of several breaches of personal data by an NHS group, but the ICO has been unwilling so far to issue fines on any of these occasions.
However, ICO deputy information commissioner David Smith confirmed to V3.co.uk yesterday that the regulator is in the process of issuing its first fines against two firms that had breached the Data Protection Act.
Smith refused to confirm whether the fines were for private or public organisations, but promised an announcement "in the near future".