Southampton University Hospitals NHS Trust (SUHT) in the UK has been criticised by the Information Commissioner’s Office (ICO) for a lax approach to security which led to data record theft.

An unencrypted laptop, containing around 33,000 password-protected patient records with details about diabetic patients and results of retinal screening tests, was stolen on 19 October 2009 from the hospital’s retinal screening vehicle.

In a statement, ICO head of investigations Sally-Anne Poole said SUHT has failed to follow data security measures laid down in the Data Protection Act.

“It is vital that NHS organisations ensure their staff handle personal information securely, especially where so much sensitive personal information is concerned,” Poole said.

The ICO was given the power to issue fines of up to £500,000 ($811,309) to companies for any serious data breaches, but it is not clear whether the same principle applies to government departments that lose sensitive data.