Skip to content

Management

Technology

Toolbox

Training

Books

White Papers

Webcast

Resource Centre


ComputerworldUK CommunIT

Want to join the UK’s fastest growing dedicated IT community? Enter here to browse the UK’s top usergroups, societies and associations.

Cybercrime & Hacking management > security > news

February 05, 2009

Information Commissioner hits another NHS Trust after data breaches

Three trusts hit with enforcement action in two weeks

By Siobhan Chapman, ComputerworldUK

An NHS trust has been hit by enforcement action by the Information Commissioner's Office following the theft of two laptops containing patient data.

Advert

Brent Teaching Primary Care Trust was found to have breached data protection laws, after two laptops were stolen containing the personal information of 389 patients.

The laptops were stored in a locked office, but were left out on a desk in breach of the PCT’s own security procedures. What's more, the laptops were not encrypted and contained sensitive information, including health details relating to some patients.

The Information Commissioner’s Office (ICO) has taken enforcement action against two other trusts in the last fortnight - Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and Wear Valleys NHS Foundation Trust – in breach of the Data Protection Act.

The ICO has required all three trusts to sign a formal undertaking agreement that they will encrypt all data in future and improve security in line with the Data Protection Act.

The trusts will also be required to ensure staff are adequately trained.

"Whilst the number of people affected was relatively small, some people’s sensitive health information was contained on the stolen laptops," said Mick Gorrill, assistant commissioner at the ICO.

"I am increasingly concerned about the way some NHS organisations are transferring sensitive records onto laptops and other mobile devices that are not encrypted. Organisations need to ensure they implement appropriate safeguards to ensure personal details about patients are processed securely.”

Abertawe Bro Morgannwg University NHS Trust in Wales was found to have breached data protection laws after an unencrypted computer containing the sensitive personal data of approximately 5,000 patients, was stolen from an unlocked office.

Meanwhile, Tees, Esk and Wear Valleys NHS Foundation Trust, a trust in the north of England, was also reprimanded by the ICO for losing a data stick containing information on patients and staff.

Failure to meet the terms of the formal undertaking is likely to lead to further enforcement action by the ICO.

Now read NHS' grim catalogue of data breaches

Follow highlights from ComputerworldUK on Twitter
Sign up for our Daily Newsletter
The UK IT News widget Get it for your site!

« prev article | more security news | next article »

Advert

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'Information Commissioner hits another NHS Trust after data breaches - Cybercrime & Hacking - ComputerworldUK' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?

Advert

WHITE PAPERS

  • Legal risks: Employee use of the internet and email
    Exploring the challenges facing IT Mangers today and vital steps to ensure safe internet an email use by employees.
  • Phishing for victims
    This White Paper examines the phenomenon of phishing. It explains the potentially catastrophic threat it presents to all kinds of organisation. Exploding some widespread myths, it lights up the murky waters where phishing first emerged and where it continues to evolve. But it also highlights what your business can do to blunt the threat.
  • Challenges and opportunities of PCI
    The control framework implicit in the Payment Card Industry Data Security Standard (PCI DSS) provides an enterprise structure for improving operational, security, and audit performance.
  • Social CRM comes of age
    Who is this “social customer”? What strategies and tools does the new breed of CRM provide to do something about this?
  • Risk Management: Protect and Maximize Stakeholder Value
    What has held organisations back from a broader adoption of risk management programs?
*