The healthcare industry continues to live up to its reputation for suffering the most data breaches after the Information Commissioner’s Office (ICO) found Healthcare Locums Plc (HCL) in breach of the Data Protection Act (DPA).
HCL, which is a specialist healthcare recruitment agency, lost a hard disc drive (HDD) that contained personal data of the doctors it employed, such as their security clearances and visa information.
The issue came to light when the HDD was returned to HCL by a member of the public after it had been sold on an online auction website.
It seems that the HDD had gone missing whilst it was being transferred from HCL’s Skipton branch to its branch in Loughton earlier this year. But as no inventory list had been created for the transfer, HCL failed to realise the storage device had gone missing until it was reported by a member of the public.
“This breach highlights the importance of making sure personal information is transported in a way that complies with the Data Protection Act,” said Sally Anne-Poole, Enforcement Group Manager at the ICO in the ruling. “I am pleased that Healthcare Locums is taking remedial steps to make sure incidents like this one do not happen again.”
The loss of storage media is unfortunately commonplace nowadays. For example, in early September a memory stick said to contain anti-terror training manuals was discovered outside a Manchester police station. In May, a NHS worker in the secure mental health unit of a Scottish hospital was suspended, after he lost a USB stick containing patients’ medical records.
Other recent breaches include DSG Retail Ltd, (the owner of PC World), being slapped over the wrist by the ICO after eight completed customer credit agreements containing personal and financial details were discovered in a skip outside one of its PC World stores.
Despite numerous other examples, the ICO has yet to issue any fines. In June, for example, the ICO published a list of all the data breaches reported since 2007. Of the 1,007 reported breaches, the NHS was responsible for 305.
The ICO has previously warned businesses that if they do not own up to data breaches, they will face tougher action than those that come forward of their volition. Companies that fall foul of data breach laws risk a maximum fine of £500,000 under powers granted to the ICO in January this year.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…