An undertaking to comply with the seventh data protection principle has been signed by the Lancashire Constabulary. This follows the discovery of a missing person’s report on a street in Blackpool. A monetary penalty has also been issued to the authority in connection with this incident

Craven District Council have signed an undertaking to comply with the seventh data protection principle, following incidents where the council failed to take appropriate steps to ensure that personal information was kept secure

A receptionist who unlawfully obtained her sister-in-law’s medical records in order to find out about the medication she was taking has been found guilty of an offence under section 55 of the Data Protection Act.

Usha Patwal, of Romford, was given a two year conditional discharge and ordered to pay £614 prosecution costs by Havering Magistrates Court today.

An Undertaking to comply with the seventh principle of the DPA has been signed by Alan M Casson & Associates, after two unencrypted laptops and back up media had been stolen during a burglary of their premises. The laptops contained personal data relating to 8000 current and past patients.

An Undertaking to comply with the seventh principle of the DPA has been signed by the Principal of Godalming College, after the was notified that an email with an attachment containing sensitive personal data had been sent inadvertently to lower-sixth form students. The email should have been sent to their tutors and the sender had not intended to send the attachment, but merely a link to it.

An Undertaking to comply with the seventh principle of the DPA has been signed by Richard Dominic Preston following the theft of a laptop computer from Mr Preston's home address. The laptop contained documents relating to cases on which Mr Preston had been instructed, together with email correspondence.

An Undertaking to comply with the seventh principle of the DPA has been signed by The London Borough of Southwark, further to the inappropriate disposal personal of an iMac computer and paper records. The matter was brought to the attention of the when the afore mentioned items were found by a member of the public in a skip being used to cleanse a decommissioned and vacant property, which was part of a complex previously owned by the data controller. A substantial volume of sensitive personal data relating to around 7,200 individuals was contained on the iMac and within the paper records detailing ethnicity, medical history and criminal convictions.

An Undertaking has been signed by Central Essex Community Services after the loss of a birth book containing information about the general health of 249 mothers and their babies. The book which should have been stored in a locked filing cabinet was stored on top of the cabinet in a locked room due to no secure storage space being available. The book has never been recovered.

An Undertaking to comply with the seventh principle of the DPA has been signed by Ruth Crawford QC, further to the theft of an unencrypted laptop computer which contained the sensitive personal data of a number of individuals who were involved in cases on which the data controller was instructed to act.

An Undertaking to comply with the seventh principle of the DPA has been signed by Phoenix Nursey School, further to the loss of a backup tape and accompanying device which contained details of pupils, parents and guardians as held on the schools information management system. Consideration was given to the fact that a nominal amount of the data lost in this incident consisted of information as to the physical or mental health of the data subjects.

An Undertaking to comply with the seventh data protection principle has been signed by Oliver Letwin MP. Following the disposal of a number of documents containing personal data in public waste-bins.

An Undertaking to comply with the seventh data protection principle has been signed by the chief executive of Rochdale Metropolitan Borough Council. This follows an incident earlier this year in which an unencrypted USB stick containing some personal data relating to thousands of local residents was lost.

An Undertaking to comply with the seventh data protection principle has been signed by Newcastle Youth Offending Team. This follows the theft of an unencrypted laptop containing sensitive personal data.

An Undertaking to comply with the seventh data protection principle has been signed by University Hospitals Coventry & Warwickshire NHS Trust. This follows two separate incidents involving the loss of personal data by the Trust.

An Undertaking to comply with the seventh data protection principle has been signed by Spectrum Housing Group. This follows a non-secure e-mail with an excel attachment containing personal data relating to employees of the data controller, being sent in error to an unintended recipient outside of the organisation. It was also discovered that data within hidden pivot cells forming part of the spreadsheet could be revealed.

An Undertaking to comply with the seventh data protection principle has been signed by Dumfries and Galloway Council. This follows the accidental online disclosure of current and former employees personal data in response to a Freedom of Information (Scotland) Act request.

An Undertaking to comply with the seventh data protection principle has been signed by the General Secretary of the Association of School and College Leaders (ASCL). This follows theft of a laptop containing sensitive personal data from the home of an employee.

An Undertaking to comply with the seventh data protection principle has been signed by Holly Park School. This follows the theft of an unencrypted laptop containing personal data relating to nine pupils.

An Undertaking has been signed by Dartford and Gravesham NHS Trust following the accidental destruction of 10,000 archived records. The records which should have been kept in a dedicated storage area were put in a disposal room due to lack of space.

An Undertaking has also been signed by Poole Hospital NHS Foundation Trust after two diaries containing information relating to the care of 240 midwifery patients - were stolen from a nurses car. The diaries included patients names, addresses and details of previous visits and were used by the nurse during out of hours duty.

An Undertaking to comply with the third and seventh data protection principles has been signed by Eastleigh Borough Council. This follows the potential disclosure of a document containing sensitive personal data.

An Undertaking to comply with the seventh data protection principle has been signed by the Child Exploitation Online Protection Centre (CEOP) and its parent organisation the Serious Organised Crime Agency (SOCA). This follows the discovery that CEOPs website reporting forms were being transmitted insecurely.

An Undertaking to comply with the seventh data protection principle has been signed by Royal Liverpool & Broadgreen University Hospitals NHS Trust. This follows two separate incidents involving the loss of personal data by the Trust.

An Undertaking to comply with the seventh data protection principle has been signed by Eastern and Coastal Kent Primary Care Trust. This follows the loss of a CD containing personal data during a move of office premises.

An Undertaking to comply with the seventh data protection principle has been signed by Walsall Council. This follows the accidental disposal of postal vote statements in a skip by the councils data processor. The council did not have a written agreement with the data processor selected to store this personal data.

An Undertaking to comply with the seventh data protection principle has been signed by London Ambulance Service NHS Trust. This follows the theft of a personal unencrypted laptop containing patient data.

An Undertaking to comply with the seventh data protection principle has been signed by University Hospital of South Manchester NHS Foundation Trust. This follows the loss of an unencrypted memory stick containing personal information relating to approximately 87 patients.

An Undertaking to comply with the seventh data protection principle has been signed by the Scottish Children's Reporter Administration. This follows the sending of an email containing sensitive personal data relating to a child's court hearing to an unknown third party and the temporary loss of 9 case files relating to the safety and welfare of children during an office move.

An Undertaking to comply with the seventh data protection principle has been signed by Luton Borough Council. This follows a self reported breach concerning a flaw in the encryption function of a number of Council issue memory sticks. The flaw could allow memory sticks to be formatted removing encryption protection.

An Undertaking to comply with the seventh principle of the DPA has been signed by the London Borough of Greenwich. This follows two incidents where sensitive personal data was inadvertently disclosed, due to the Council's failure to implement appropriate wording in their ICT policy, stating that the sending of sensitive personal data in business related emails to external webmail addresses should be avoided.

An Undertaking to comply with the seventh data protection principle has been signed by Lush Cosmetics Ltd. This follows a malicious intrusion on their website which compromised approximately 5000 customer credit cards.

An Undertaking to comply with the seventh data protection principle has been signed by Bay House School after the personal details of nearly 20,000 individuals, including some 7,600 pupils, were put at risk during a hacking attack on its website.

An Undertaking to comply with the seventh data protection principle has been signed by HCA International Limited. This follows the theft of two unencrypted laptops containing sensitive personal data from one of the groups hospitals in March.

An Undertaking to comply with the seventh data protection principle has been signed by the Chief Executives of Wandle Housing Association. This follows the discovery of an unencrypted USB stick containing thousands of tenant records and financial data in a London pub.

An Undertaking to comply with the seventh data protection principle has been signed by the Chief Executives of Lewisham Council . This follows the discovery of an unencrypted USB stick containing thousands of tenant records and financial data in a London pub.

An Undertaking to comply with the seventh data protection principle has been signed by Kirklees Metropolitan Council. This follows the inappropriate disclosure of personal data by care workers contracted by Kirklees Metropolitan Council.

An Undertaking to comply with the seventh data protection principle has been signed by the University of York after it failed to close a test area on its website that contained thousands of students personal details. While no direct link was available for the test area from the University's website, 148 records were inappropriately accessed.

An Undertaking to comply with the seventh data protection principle has been signed by Lancashire Police Authority (LPA). This follows the inappropriate disclosure of personal data on the LPAs website containing sensitive personal data.

An Undertaking to comply with the seventh data protection principle has been signed by Northamptonshire Healthcare NHS Foundation Trust. This follows the loss of one individuals medical records.

An Undertaking to comply with the seventh data protection principle has been signed by Ms Raisa Saley, Barrister at law, further to the loss of a bundle of court papers which contained a considerable volume of sensitive personal data relating to a number of individuals from the same family.

An Undertaking to comply with the seventh data protection principle has been signed by Basildon and Thurrock University Hospitals NHS Foundation Trust. This follows the transmission of a fax containing sensitive personal data to the wrong recipient.

An Undertaking to comply with the seventh principle of the DPA has been signed by Dunelm Medical Practice, further to the inappropriate facsimilie transmission and subsequent disclosure of two patient's electronic discharge letters, which contained sensitive personal data, including medical information.

An Undertaking to comply with the seventh data protection principle has been signed by East Midlands Ambulance Service NHS Trust. This follows the transmission of a fax containing sensitive personal data to the wrong recipient.

An Undertaking to comply with the seventh data protection principle has been signed by the Ipswich Hospital NHS Trust. This follows the discovery of 29 patient records containing sensitive personal data in a public place.

An Undertaking to comply with the seventh data protection principle has been signed by Lancashire Teaching Hospitals NHS Foundation Trust. This follows the faxing of sensitive personal data to a member of the public on more than one occasion.

An Undertaking to comply with the seventh data protection principle has been signed by Cherubs Community Playgroup. This follows the theft of an unencrypted laptop containing personal information relating to approximately 47 families.

An Undertaking to comply with the seventh data protection principle has been signed by CCTV monitoring website Internet Eyes Limited. This follows a complaint about a clip posted on video sharing website YouTube that contained an identifiable image of a person in a shop. The clip appeared to have been uploaded by a viewer who had used the CCTV footage streamed to their computer from the Internet Eyes website.

An An Undertaking to comply with the seventh data protection principle has been signed by Surbiton Childrens Centre Nursery. This follows the theft of a teachers bag containing an unencrypted memory stick and paperwork.

An Undertaking to comply with the seventh data protection principle has been signed by North Lanarkshire Council. This follows the theft of hard copy documents containing sensitive personal data.

An Undertaking to comply with the seventh data protection principle has been signed by the charity Aspergers Children & Carers Together (ACCT). This follows the theft of an unencrypted laptop containing sensitive personal data last Christmas.

An Undertaking to comply with the seventh principle of the DPA has been signed by Co-operative Life Planning Limited, further to the inappropriate disclosure of an electronic file, which contained a considerable volume of customer's personal data.

An Undertaking to comply with the seventh data protection principle has been signed by Somerset County Council. This is a result of a teenagers social care records having been sent to the wrong family.

An Undertaking to comply with the seventh data protection principle has been signed by Wheelbase Motor Project. This follows the theft of an unencrypted portable hard drive storing sensitive personal data concerning 50 individuals.

An Undertaking to comply with the seventh data protection principle has been signed by Freehold Community School. This follows the theft of an unencrypted laptop and paperwork containing personal information relating to 90 pupils from a teachers car.

An Undertaking to comply with the seventh data protection principle has been signed by NHS Birmingham East and North. This follows the discovery that Trust employees could access electronic files unrelated to the department they worked in.

An Undertaking to comply with the seventh data protection principle has been signed by University College London Hospitals NHS Foundation Trust. This follows the discovery of an unencrypted memory stick off Trust premises. The memory stick contained sensitive personal data relating to 750 Trust patients.

An Undertaking to comply with the seventh data protection principle has been signed by the Borough of Poole. The Council reported that faxes had been sent to the wrong number on three occasions last year.

An Undertaking to comply with the seventh principal of the DPA has been signed by Norwich City College of Further and Higher Education, detailing two instances, where a total of 80 student files, some of which contained sensitive personal data including medical information, were inappropriately disposed of.

NHS Liverpool Community Health has signed an Undertaking after it breached the Data Protection Act (DPA) by losing papers relating to the medical history of 31 children and their birth mothers during a premises move in October last year. The ICOs investigation found that NHS Liverpool had no formal contract in place with the removal company to handle personal data - a requirement of the Act - and had no process in place to ensure personal data was kept secure throughout the move.

An Undertaking to comply with the seventh principal of the DPA has been signed by City of York Council, further to the inappropriate disclosure of an individuals personal data, which occurred as a result of the information in question being erroneously included with documentation sent to an unrelated third party.

An Undertaking to comply with the seventh data protection principle has been signed by Royal Cornwall Hospitals NHS Trust. This follows the inappropriate disclosure of third party sensitive personal data on two occasions, in response to a subject access request.

An Undertaking to comply with the seventh data protection principle has been signed by Warrington and Halton Hospitals NHS Foundation Trust. This follows the theft on an unencrypted laptop containing sensitive personal data relating to 110 patients.

An Undertaking to comply with the seventh data protection principle has been signed by Ms Phillimore, a barrister. This follows Ms Phillimore leaving a file containing sensitive personal data in an unattended motor vehicle, from which the file was stolen.

An Undertaking to comply with the seventh data protection principle has been signed by Wolverhampton City Council. This follows a report in the press about the theft of a skip and the subsequent fly tipping of its contents. The skip contained personal data including bank details, employment records and medical information. The data was traced back to a local community leisure centre. The council confirms that leisure centre staff should not have disposed of personal data in a skip. The information has now been securely destroyed.

An Undertaking to comply with the seventh data protection principle has been signed by Doncaster Metropolitan Borough Council. This follows the disclosure of third party data by the council during court proceedings.

An Undertaking to comply with the seventh data protection principle has been signed by Aramark Ltd. This follows the theft of an unencrypted laptop and paperwork containing employees personal data.

An Undertaking to comply with the seventh data protection principle has been signed by Cambridgeshire County Council. This follows the loss of an unencrypted memory stick containing sensitive personal data.

The Identity and Passport Service has signed an Undertaking which commits the organisation to taking remedial action after the found it in breach of the Data Protection Act for losing the passport renewal applications of 21 individuals.

An Undertaking to comply with the seventh data protection principle has been signed by Isle of Anglesey County Council. This follows the mailing of housing and council tax benefit letters containing financial personal data to the wrong recipients. The council did not have a written agreement in place with the data processor selected to distribute the letters on its behalf. See the text of the Undertaking here.

Gwent Police has signed an Undertaking which commits the organisation to taking remedial action after the found it in breach of the Data Protection Act for accidentally emailing results of Criminal Reference Bureau (CRB) checks performed by the force to a member of the public.

NHS Blood and Transplant has signed an Undertaking which commits the organisation to being more robust in checking information is accurate. This follows the discovery that organ donation preferences of 444,031 people were recorded inaccurately on the Organ Donation Register, which is managed by NHS Blood and Transplant, due to a software error.

A formal Undertaking has been signed by the Scottish Court Service. Following a newspaper report about a data breach by the Court Service, the discovered that papers containing personal information had been lost by the editor of a series of law reports. The court service had failed to check how this individual intended to keep the information secure.

A formal Undertaking has been signed by Stoke-on-Trent City Council, agreeing to comply with the seventh data protection principle. This follows the discovery of an unencrypted social services memory stick in Hanley containing information about 40 children.

Senior Vice President of Google, Alan Eustace, has signed an Undertaking on behalf of Google Inc. which commits the company to putting into place improved training measures on security awareness and data protection issues for all employees. The company has also said it will require its engineers to maintain a privacy design document for every new project before it is launched. The payload data that Google inadvertently collected in the UK will also be deleted.

A formal Undertaking has been signed by Andrew McDonald, CEO of the Independent Parliamentary Standards Authority (IPSA), agreeing to comply with the seventh data protection principle. This follows an internal database being left insecure for a period of some 21 hours following IT maintenance. The insecurity resulted in the potential compromise of personal data relating to 332 MPs.

An Undertaking to comply with the seventh data protection principle has been signed by the Rainforest Alliance Ltd. This follows the theft of an unencrypted laptop holding personal and financial data relating to employees and job applicants.

A formal Undertaking has been signed by Portsmouth City Council following the inappropriate disclosure of personal information relating to an individuals physical and mental health. The council failed to redact documents correctly in a subject access request and so accidentally disclosed information about another individual.

The Chief Executive of the North West London Hospitals NHS Trust has signal a formal Undertaking after a doctor left medical information about 56 patients on a tube train.

An Undertaking to comply with the seventh data protection principle has been signed by the Lord Chief Justice of Northern Ireland. This follows the inappropriate disclosure of personal data in an email from his office earlier this year.

A formal Undertaking has been signed by Healthcare Locums Plc (HCL). A hard drive containing doctors security clearance and visa information had been sold on an auction website before being returned to HCL.

A formal Undertaking has been signed by Forth Valley NHS Board. The Information Commissioners Office was informed that an unencrypted memory stick with no password protection and containing personal information held by the Board had been handed in to the press.

A formal Undertaking has been signed by East & North Hertfordshire NHS Trust after an unencrypted USB stick containing sensitive personal data was lost by a member of staff on a train journey.

A formal Undertaking has been signed by Yorkshire Building Society (YBS), after an unencrypted laptop belonging to the former Chelsea Building Society (CBS), which had recently merged with YBS, was stolen from its Cheltenham premises. The laptop contained a substantial part of the CBS customer database.

A formal Undertaking has been signed by DSG Retail, following the discovery of customers credit agreements in or near a skip at one of the companys PC World stores. The documents related to transactions made two years prior and had been kept beyond the period recommended by DSGs policies for holding personal data.

A formal Undertaking has been signed by Royal Wolverhampton Hospitals NHS Trust after the loss of over 100 of its patient records. The The Information Commissioners Office was alerted to the loss of a CD which contained scans of 112 patient records from the Intensive Care Unit of New Cross Hospitals Heart and Lung Unit. The CD was discovered at a bus stop near the hospital and was unencrypted with no password protection.

A formal Undertaking has been signed by Tunbridge Wells Equitable Friendly Society Limited trading as The Childrens Mutual, after an annual account statement containing confidential personal data was sent in error to the wrong recipient.

A formal Undertaking has been signed by Birmingham Childrens Hospital NHS Foundation Trust, agreeing to comply with the seventh data protection principle. This follows the loss of two unencrypted laptops which were stolen from the Medical Day Centre, containing sensitive personal data relating to a number of the Trusts patients.

Adrian Leppard, temporary Chief Constable of Kent Police, has now signed a formal Undertaking to ensure that staff whose roles require them to have access to confidential information outside the office are provided with secure transportation and storage facilities.

NHS Stoke-on-Trent has signed a formal Undertaking after 2,000 paper physiotherapy records were not filed within its archive system and may have accidentally been destroyed or misfiled. The organisation will apply physical security measures in respect of paper medical records, particularly when they are in transit.

Basingstoke and North Hampshire NHS Trust has signed a formal Undertaking after an excel spreadsheet, containing 917 patients pathology results, was emailed via an unsecure address to another department. The spreadsheet was not password protected and the receiving department had no business need to have access to the excessive amount of clinical records.

Dr Rowena Mathew, Head of Practice of Lampeter Medical Practice, has signed a formal Undertaking after an unencrypted memory stick containing the personal details of 8,000 patients was reported lost to the ICO.

West Berkshire Council has signed a formal Undertaking to ensure that portable and mobile devices used to store and transmit personal data are encrypted. The Information Commissioners Office (ICO) found it in breach of the Data Protection Act (DPA) following the loss of a USB stick containing the sensitive personal information of children and young people.

An Undertaking to comply with the seventh data protection principle has been signed by Eastbourne Borough Council. This follows the theft of an unencrypted laptop containing personal data from the Towner Gallery in January.

An Undertaking to comply with the seventh data protection principle has been signed by Kings College London. This follows two incidents in which computers containing sensitive personal data were stolen from its academic offices at teaching hospitals.

An Undertaking to comply with the seventh data protection principle has been signed by NCL (Bahamas) Ltd. This follows the suspected theft of a computer printout containing payroll details for the companys 80 UK employees.

A formal Undertaking has been signed by Bolton Youth Offending Team, agreeing to comply with the seventh data protection principle. This follows the theft of a camcorder with video footage containing sensitive personal data relating to three individuals.

An Undertaking to comply with the seventh data protection principle has been signed by South Yorkshire Pensions Authority. This follows the loss of an unencrypted CD containing personal data of 9,140 pension scheme members.

A formal Undertaking has been signed by St James Primary School, agreeing to comply with the seventh data protection principle. This follows the theft of a memory stick containing sensitive personal data relating to a number of pupils.

An Undertaking to comply with the seventh data protection principle has been signed by the headteacher of Ysgol Bro Famau, in Denbighshire. This follows the theft of the schools administration computer, which contained significant amounts of personal data relating to pupils.

A formal Undertaking has been signed by Sue Turner, CEO, of the Birmingham and Solihull Mental Health NHS Foundation Trust agreeing to comply with the fifth and seventh data protection principles. This follows the theft of an unencrypted laptop computer which contained personal data relating to some 1,500 of Trusts patients and some 450 staff.

The Information Commissioners Office has found Warwickshire County Council in breach of the Data Protection Act following the theft of two laptops and the loss of a memory stick. The Chief Executive of Warwickshire County Council has signed a formal Undertaking to ensure that portable and mobile devices used to store and transmit personal data are encrypted.

An Undertaking has been signed by Zurich Insurance plc after the Information Commissioners Office found the company in breach of the Data Protection Act. Zurich Insurance plc lost an unencrypted back-up tape containing financial personal information belonging to 46,000 policy holders of Zurich Private Client, Zurich Special Risk and Zurich Business Client, which are all part of Zurich Insurance plc.

The Information Commissioners Office has found that the Royal London Mutual Insurance Society breached the Data Protection Act (DPA) after eight laptops, two of which contained the personal details of 2,135 people, were stolen from the companys Edinburgh offices. Michael Yardley, Group Chief Executive Officer of the company, has now signed an official Undertaking to ensure that portable and mobile devices including laptops are encrypted.

An Undertaking to comply with the seventh data protection principle has been signed by Redstone Mortgages Ltd, following the disclosure of reports containing personal data of over 15,000 mortgage customers last August.

The Alzheimers Society has signed a formal Undertaking promising to improve security after it reported three seperate breaches involving personal information to the Information Commissioners Office during 2009. The Undertaking also requires staff to be made aware of the Societys policies for the storage, use and disposal of personal information. Staff must receive appropriate training on how to follow these policies.

The Information Commissioners Office has found Bellgrange Mortgages and Insurance Services Ltd in breach of the Data Protection Act after clients details were found in two large waste bins intended for the use of local residents. The organisation, based in Stanmore, has signed an official Undertaking to improve data security.

The Information Commissioners Office has found the Association of Teachers and Lecturers (ATL) in breach of the Data Protection Act after a laptop and memory stick were reported lost or stolen, containing the personal details of over 6,000 union members. ATL General Secretary, Mary Bousted, has now signed an Undertaking to ensure that by 28 February 2010 all portable and mobile devices used to store and transmit personal details are encrypted.

A formal Undertaking has been signed by Waseley Hills High School and Sixth Form Centre committing it to take a number of steps to ensure that personal data is processed in compliance with the Data Protection Act. The Information Commissioners Office found it in breach of the Data Protection Act after the theft of personal data of over 1,000 pupils and staff.

A formal Undertaking has been signed by the Orbit Heart of England Housing Association after the Information Commissioners Office found them to be in breach of the Data Protection Act. 57 paper files containing personal data went missing during an office move. Forty-two of the files were recovered in full, but 15 which contain a significant amount of personal data relating to each tenant and, in some cases, members of his or her family, are still missing.

A formal Undertaking has been signed by Verity Trustees Ltd after the Information Commissioners Office found them to be in breach of the Data Protection Act. The Trustees reported the theft of a laptop computer containing the names, addresses, dates of birth, salaries and national insurance numbers of around 110,000 individuals.

Formal Undertakings have been signed by Gloucestershire Primary Care Trust after the Information Commissioners Office found them in breach of the Data Protection Act.

Formal Undertakings have been signed by Great Yarmouth and Waveney Primary Care Trust after the Information Commissioners Office found them in breach of the Data Protection Act.

Ashford and St Peters Hospitals NHS Trust has signed an Undertaking and agreed to improve data security after it informed the Information Commissioners Office of a data breach involving the loss or theft of three unencrypted USB sticks containing sensitive patient information. Each of the devices contained the full treatment and full diagnosis history relating to a number of cancer patients. The information on the USB sticks was in Word format - leaving the material easily accessible to anyone with a computer.

A formal Undertaking has been signed by NHS Grampian, agreeing to comply with the seventh data protection principle. This follows several data security breaches there in the past few months.

A formal Undertaking has been signed by Billing Pharmacy Ltd, agreeing to comply with the seventh data protection principle. This follows the theft of an unencrypted computer containing sensitive personal data for around 1,000 customers.

A formal Undertaking has been signed by NHS Education for Scotland, theft of an unencrypted laptop. The laptop contained the personal information of 6377 applicants for medical training positions.

A formal Undertaking has been signed by Ipswich Hospital NHS Trust, agreeing to comply with the seventh data protection principle. A ward summary list, containing patients personal data, was found outside the hospital premises. A similar incident had occurred in 2008, but some resulting recommendations had not been implemented.

A formal Undertaking has been signed by Sandwell Metropolitan Borough Council after an unencrypted memory stick was lost by an employee. The memory stick, which was not password protected, contained sensitive personal information relating to four families, including why children were taken into care or made subject to a Child Protection Plan.

Wigan Council has signed an Undertaking after the theft of a laptop computer containing personal information relating to approximately 43,000 children and young people. The laptop included personal details on most children and young people in Wigans schools. The information had been downloaded on to the laptop in breach of council policy.

London Borough of Sutton has signed an Undertaking following an investigation by the into several data security incidents. These included the loss of a paper file which contained personal data relating to 73 individuals receiving social care and the theft of two unencrypted laptops. A package of documents also went missing when a courier used by the council left it with the recipients neighbour.

A formal Undertaking has been signed by Repair Management Services Ltd (formally MVRA), a trade body that provides advice to businesses involved in motor vehicle repair. It follows the theft of an unencrypted laptop containing the personal information of approximately 36,800 individuals. The laptop, which was stolen from a secure vehicle in a public car park, was password protected but unencrypted.

A formal Undertaking has been signed by after pages from an Accident and Emergency register were found in a garden in Newcastle-under-Lyme. The pages contained sensitive personal data relating to the physical and mental health of over 60 patients. The loss followed an office move involving various departments of the Trust during which an external company was hired, without a written contract, to clear out rubbish from the old premises.

A formal Undertaking has been signed by Dr Paul Thomas of the Gipping Valley Practice, Ipswich, agreeing to comply with the seventh data protection principle. This follows the discovery of a Practice server found in the car park of the Practice by an employee of the Suffolk Primary Care Trust. The server contained the sensitive personal data of a large number of Practice patients and the personal data of Practice employees.

A formal Undertaking has been signed by Imperial College Healthcare NHS Trust at St Marys Hospital, South Wharf Road, London, agreeing to comply with the seventh data protection principle. This follows the theft of six unencrypted laptop computers (two incidents) and the loss of a small number of paper records which, in total, contained personal data relating to some 6,000 of the Trusts patients.

A formal Undertaking has been signed by London Clubs International Limited agreeing to comply with the seventh data protection principle. This follows the theft of an unencrypted laptop containing the data of approximately 26,000 customers.

A formal Undertaking has been signed by NHS Lothian agreeing to comply with the seventh data protection principle. This follows the theft of an unencrypted memory stick and some paper files temporarily left in a shop.

A formal Undertaking has been signed by Neath Port Talbot County Borough Council agreeing to comply with the seventh data protection principle. This follows the loss of a memory stick containing information relating to 65 children.

A formal Undertaking has been signed by The Highland Council agreeing to comply with the seventh data protection principle. This follows the theft of two laptop computers from the authorities premises in Inverness.

A formal Undertaking has been signed by Oldham Council agreeing to comply with the seventh data protection principle. This follows the theft of a total of 13 unencrypted laptop computers, of which 3 computers contained personal data relating to a total of some 220 Oldham Council residents. With the exception of one, the computers concerned were stolen from Council premises, eleven computers were stolen in the course of a burglary at secure Council offices, one computer was stolen from a staff members car and one was stolen during the course of a youth activity evening.

A formal Undertaking has been signed by Counted4 CIC of 4 Mary Street, Sunderland, Tyne & Wear, SR1 3NH. agreeing to comply with the seventh data protection principle. This follows the loss of a number of paper records containing sensitive personal information to 84 of the organisations clients. The records were in a locked filing cabinet which appears to have been accidentally destroyed during an office move.

A formal Undertaking has been signed by Jubilee Managing Agency Limited, agreeing to comply with the fifth and seventh data protection principles. This follows the loss of an unencrypted disk containing personal data, including financial details, relating to 2100 policy holders. Some of the data also related to cancelled or expired policies.

A formal Undertaking has been signed by Surrey and Sussex Healthcare NHS Trust agreeing to comply with the seventh data protection principle. This follows the loss a ward hand over sheet and the theft of two unencrypted laptop computers containing personal data relating to 23 and up to 80 of the Trusts patients respectively.

A formal Undertaking has been signed by The Royal Free Hampstead NHS Trust agreeing to comply with the seventh data protection principle. This follows the loss of an unencrypted computer disk containing personal data relating to some of the Trusts patients.

A formal Undertaking has been signed by the Nightingale Practice, within the City & Hackney Teaching Primary Care Trust of St. Leonards, Nuttall, Street, London, N1 5LZ agreeing to comply with the seventh data protection principle. This follows the theft of 10 back up tapes and a USB portable hard drive, containing personal data relating to some 7,700 of the practices patients. The USB hard drive and 5 of the back up tapes were not encryption protected.

A second formal Undertaking has been signed by The Hampshire Partnership NHS Trust, agreeing to comply with the seventh data protection principle. This follows the theft of an unencrypted laptop computer, containing the personal data of 349 patients and 258 members of staff, from a Trust employee who attended a conference at a London hotel.

A formal Undertaking has been signed by Epsom & St Helier University Hospitals NHS Trust of Wrythe Lane, Carshalton, Sutton, SM5 1AA, agreeing to comply with the seventh data protection principle. This follows the discovery of the insecure storage of hospital records, relating to a large number of the Trusts patients.

A formal Undertaking has been signed by Chelsea & Westminster Hospital NHS Foundation Trust agreeing to comply with the seventh data protection principle. This follows the theft of an unencrypted USB memory stick containing personal data relating to 143 of the Trusts patients.