The Information Commissioner’s Office (ICO) has found Healthcare Locums Plc (HCL), a specialist
healthcare recruitment agency, in breach of the Data Protection Act (DPA) after the loss of personal
data relating to doctors employed by the organisation.
The ICO was first informed of the breach when HCL confirmed that a hard drive containing doctors’
security clearance and visa information, had been sold on an auction website before being returned.
Enquiries established that the equipment was last recorded as being transferred from HCL’s Skipton
branch to its branch in Loughton earlier this year. However HCL had no inventory list for the transfer, so
the organisation failed to realise the storage device had gone missing until it was reported by a member
of the public. The device was eventually returned to the agency and wiped in June 2010.