A patient's private medical details were posted to a stranger after a blunder by staff at Croydon's NHS trust, the Information Commissioner has found.

A temporary worker at Croydon Health Services sent "sensitive personal data" and "clinical information" to the wrong person after entering an incorrect address.

The address then went unchecked before being mailed, meaning details of a complaint made by the patient and notes from meetings held during an investigation into the complaint were posted to someone else.

It followed a string of similar failures at trust, according to the Information Commissioner's Office (ICO.)

An ICO investigation prompted by a complaint also found that the trust's records of births between April 2009 and May 2010 had gone missing, although the register was later found.

The ICO identified "a lack of a formal checking procedure to ensure the accuracy of correspondence" across the trust, as well as evidence that the temporary staff employee "not received all the appropriate training and guidance" when asked to check to addresses on patient records.

It also criticised the trust for "a lack of senior managerial oversight" and failures to take on board recommendations from previous reports on data protection.

A spokesman for Croydon Health Services NHS Trust said it took "obligations to ensure the safety of patient data very seriously".

He added: "The trust has made a formal undertaking to the ICO, signed by our chief executive [John Goulston], to address the issues raised and will be working with them to demonstrate our progress and compliance in strengthening our information governance at the trust.

"We have already made a number of changes to how we finalise complaints correspondence, including new processes to double-check address details, and the complaints team now also have weekly meetings to support managerial oversight.”

The ICO has ordered the trust to introduce new measures to improve data protection, including annual training for complaints staff, by March 31.