HIGHLY sensitive child protection papers are among scores of documents and computer records lost by Westcountry officials in the past three years, writer WMN chief reporter Andy Greenwood.

The child protection case minutes – from meetings between social services, healthcare providers and the police – were lost by Devon Primary Care Trust in December last year.

It admitted the blunder – and 10 others – after a Freedom of Information Act request from the Western Morning News. It said the documents were sent in the post to social services but were never received.

A year later, the confidential papers still have not been recovered although the trust said there was no evidence that they had been accessed.

The incident is just one of dozens admitted by the region's hospitals and councils which have lost paperwork, given confidential patient information to the wrong people or had inadequately protected computers stolen.

Conservative MP Geoffrey Cox said he was "increasingly concerned" by such incidents.

"Trillions of gigabytes of information on people's personal lives are being held and it is quite obvious that Government generally leaks like a sieve," said the West Devon MP.

"It all goes to show why we should distrust allowing the state to have more powers to store and use this type of information.

"Here we have another example of highly sensitive information relating to children going missing. What will children and their parents think of that?

"All information demands very careful management so that it is always secure. It is clear that at times, it is not."

Dr Virginia Pearson, director of public health at Devon Primary Care Trust, said the loss of any sensitive information was taken "extremely seriously". Policies were also in place to safeguard private and confidential information.

"The incident you refer to resulted in all staff being reminded of correct trust policies relating to safe procedures when sending patient information by post," she said. "Paper medical records must be sent by courier or Royal Mail special delivery service with track and trace and proof of delivery.

"We also have guidance on the use of courier services which includes the need to have any electronic data file created by an authorised person and encrypted in accordance with Department of Health guidelines. Should data be transferred on to a data memory stick, it is trust policy that encryptable memory sticks issued by the trust must be used at all times."

The most number of incidents were reported at North Devon District Hospital – 38 in all. It said the majority of the incidents involved physical records and loss was often temporary without "breach of confidentiality".

However, it admitted that on seven occasions, confidentiality had been breached.

Some 25 problems were recorded by the Royal Devon and Exeter Hospital, including patients being given paperwork containing other patients details, correspondence going missing, e-mails containing personal information being sent to the wrong people and files being found unattended within the hospital.

"When considering the information provided, please bear in mind that in 2007/08, the trust provided care for more than 123,867 inpatients and day case patients, and more than 271,318 outpatient attendances took place," the trust said in its response.

"It is the trust's policy that all breaches of data privacy rules are reported using the trust's incident reporting procedure.

"This process ensures that all incidents can be investigated, therefore enabling appropriate action to be taken. This pro-active approach should be considered positive and responsible hospital management."

While the Royal Cornwall Hospital, at Truro, reported only one event, it had major ramifications.

In May 2007, an inadequately protected laptop computer was stolen from NHS premises in Truro. It contained data of employees of the hospital, Cornwall and Isles of Scilly Primary Care Trust, and Cornwall Partnership Trust.

In all, the records of 10,000 staff were exposed including their names, addresses, National Insurance numbers and bank details.

Although protected by a password, it was not encrypted to the required standard. Later recovered by the police, analysis showed that the information had not been accessed.

It resulted in a major review of data security across the trust. A number of "lessons learned" were identified, including security assessments and ensuring confidential data was stored on secure computer servers and not on computers themselves.

A similar incident occurred at Torbay Hospital in November last year when two handheld computers were stolen from an office. On them were stored patients' names, dates of birth, hospital number and treatment they had received. It was password-protected but not encrypted.

In March 2006, two letters containing patients' names, dates of birth, addresses and names of schools, and two boxed ear moulds, were stolen from an audiologist's car. "Both incidents were reported to the police for investigation," a spokesman for Torbay Hospital said. "To date, inquiries have not led to recovery of PDAs (personal digital assistant) or audiology data/ear moulds and there is no evidence of the information having been used for criminal purposes."

Torbay Care Trust also had a laptop – with patient files – stolen in July 2008. The laptop was password-protected but not encrypted.

Meanwhile, a major incident at Torbay Council has been well-documented. In October 2006, two CDs containing the personal data of 6,500 past and present council staff went missing, prompting huge concerns about the security of bank accounts and possible identity theft.

The fate of the two CDs still remains a mystery after there was no proof of postage and they never arrived at Revenue and Customs for a national fraud initiative.

No incidents were recorded by any of the region's 15 districts councils which deal with sensitive issues like council tax collection and housing.

Cornwall County Council revealed that there had been 20 incidents where birth, death or marriage certificates had been lost in the post.

In October 2007, two boxes of documents were recalled from a storage centre and did not arrive. It was discovered they had been delivered in error to a destruction facility, where they were securely destroyed.

Two months later, a box of documents was lost while being transferred to storage. Ironically, the paperwork related to Freedom of Information Act requests.