The NHS has been responsible for almost a third of all recorded data breaches in the United Kingdom for the last three years.
So says the Information Commissioner’s Office (ICO), which published a list of the 1,000 data breaches since 2007. It found that the NHS was responsible for 305 of the 1,007 reported breaches.
The private sector is a bit more responsible with data security, it seems, with 288 breaches recorded from individual companies. Meanwhile 132 breaches were recorded from local government bodies and 18 from central government.
Only last month an NHS worker in the secure mental health unit of a Scottish hospital was suspended, after he lost a USB stick containing patients’ medical records. According to local media reports, the USB stick contained unencrypted sensitive information – including the criminal histories of some violent patients at the Tryst Park unit at Bellsdyke psychiatric hospital. The stick was later found by a 12-year-old boy in the car park of an Asda supermarket in nearby Stenhousemuir.
UK companies have already been warned by the ICO to tighten up their security systems. The ICO now has the power to issue large fines for serious data breaches, and companies that fall foul of the data breach laws now risk a maximum fine of £500,000. And if that was not enough, the ICO has recently said that it is pushing for prison sentences to be introduced for professional data thieves.
The NHS figures were not helped by the fact that 43 of its breaches were due to data being disclosed in error. The ICO also said that 17 NHS breaches came from information lost in transit, 17 from technical or procedural failure, 13 from non-secure disposal, and 12 from ‘other’ causes.
“We all know that mistakes can happen, but the fact is that human error is behind a high proportion of security breaches that have been reported to us,” said David Smith, Deputy Commissioner of the ICO. “Extra vigilance is required so that people’s personal information does not end up in the wrong hands.
“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it,” he added.
The ICO has published a Guide to Data Protection which offers advice and tips to help organisations secure their data and prevent wrongful disclosure. This includes checking who you are disclosing personal information to, and that they are genuine and entitled to the personal details they are asking for, among other steps.
Other advice centres on the correct procedures to follow for email, as well as physical checks such as making sure that only the name and address can be seen through an envelope window, and that screens in open areas or by windows cannot be viewed by members of the public.