A nursing home in Northern Ireland has been fined £15,000 for not looking after sensitive staff and patient records contained on a laptop that was stolen during a house burglary.
An investigation found widespread systemic failings in data protection at Whitehead Nursing Home in County Antrim at the time of the theft, said the Information Commissioner’s Office.
“This nursing home put its employees and residents at risk”
The data breach came when a member of staff took an unencrypted work laptop home, which was stolen during a burglary overnight, said the ICO.
The laptop contained sensitive personal details relating to 46 staff including reasons for sickness absence and information about disciplinary matters, it said.
The computer also held some details about 29 residents including their date of birth, mental and physical health and “do not resuscitate” status.
Ken Macdonald, who is head of ICO Regions and leads the commissioner’s operations in Scotland and Northern Ireland, said its investigation had revealed “major flaws” in the nursing home’s approach to data protection.
“This nursing home put its employees and residents at risk by failing to follow basic procedures to properly manage and look after the personal information in its care,” he said.
“Whitehead Nursing Home had totally inadequate provisions for IT security and procedure and poor data protection training,” he added.
The ICO highlighted that the law stated that organisations must have measures in place to keep the personal information they hold secure.
It said the nursing home did not have any policies in place regarding the use of encryption, homeworking and the storage of mobile devices or provide enough data security training.
Antrim nursing home fined after staff laptop theft
Dr Macdonald said: “Employees would have expected any details about disciplinary matters or their state of health to have been kept safe.
“Likewise, residents would not have expected their confidential information to have been stored on an unprotected laptop and taken to an employee’s home,” he added.
The commissioner has the power to impose a monetary penalty of up to £500,000.
It said the amount of the fine reflected the size of the nursing home business, adding that a bigger organisation experiencing a similarly breach should expect a much heftier fine.
The home, which is a 41-bed facility, is owned by the Wilson Group. It operates five nursing homes in total in Belfast, Bangor, Larne and another in Whitehead.