The Information Commissioner's Office has taken action against Camden Primary Care Trust after two computers left beside a skip were taken from inside the grounds of St. Pancras hospital in August 2008.
The unencrypted computers contained names, addresses and medical information of over 2,500 patients.
The ICO has given Camden Primary Care Trust an Enforcement Notice for neglecting to ensure the security of people's personal information and the disregard shown to keeping the information secure.
Assistant Information Commissioner, Mick Gorrill, said: "The ICO takes all data breaches seriously. Individuals must feel confident that their personal health records will be handled properly by NHS bodies. This incident highlights organisational error and will no doubt damage public trust in the NHS locally."
"I am increasingly concerned about the way some NHS organisations dispose of sensitive patient information. Organisations need to ensure they implement appropriate safeguards to ensure personal details about patients are disposed of in compliance with the Data Protection Act."
Camden PCT is now expected to make sure all personal information is deleted from computers no longer in use. The PCT has been required to update the ICO on improvements made by the end of this month.
Failure to abide by the rules of the Enforcement Notice would be contempt of court and may lead to penalty.
Camden Private Trust could not be reached for comment at the time of publishing.
Click here to read the lessons we should have learned by now about data breaches.
