NHS Education for Scotland (NES) will improve its data security, after an unencrypted laptop was stolen that contained the personal information of more than 6,000 medical training applicants.
NES informed the Information Commissioner's Office (ICO) about the breach in late 2008. It resulted in the loss of names, addresses, phone numbers, summaries, as well as the equality and diversity monitoring information of the applicants.
The details were in a SQL database file, and was going be used to test a development version of a medical recruitment website.
The data was not encrypted, as the laptop wasn't intended to be taken off NES premises, and not considered a mobile device' at the time.
As a result, NES has signed an undertaking with the ICO, which among with other demands promised it would encrypt mobile devices and make staff aware of personal data policies.
"Safeguarding sensitive personal information is an important principle of the Data Protection Act," said Ken MacDonald, the assistant information commissioner for Scotland, in a statement.
He added: "This case serves as a reminder that all organisations and their executive teams need to ensure that data protection is treated as an important part of corporate governance."
