The Information Commissioner's Office (ICO) has found the Home Office and two National Health Service (NHS) Trusts in breach of the Data Protection Act (DPA).
The Home Office action follows the loss of an unencrypted memory stick by a contractor, PA Consulting in August 2008 that held the sensitive personal details of thousands of individuals, including those serving custodial sentences or who had previously been convicted of criminal offences.
The ICO said the Home Office must, with immediate effect, ensure all portable and mobile devices that are used to store and transmit personal information are encrypted. And contractors processing personal information on its behalf must also use encryption software.
Mick Gorrill, Assistant Information Commissioner at the ICO said the Home Office case was particularly serious, regardless of the fact a contractor lost the data. "It is the data controller (the Home Office) which is responsible for the security of the information," he said.
"The Home Office recognises the seriousness of this data loss and has agreed to take immediate remedial action. It has also agreed to conduct future audits to ensure compliance with the Act," he added.
Sir David Normington, the Permanent Secretary, is signing a formal undertaking on behalf of the Home Office outlining that it will process personal information securely in the future.
At the same time, the ICO has also required Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and Wear Valleys NHS Foundation Trust, to sign formal undertakings that they will process personal information in line with the DPA.
The action comes after an unencrypted laptop containing the sensitive personal data of approximately 5,000 patients, including some health records, was stolen from the Abertawe Bro Morgannwg University NHS Trust. And Tees, Esk and Wear Valleys NHS Foundation Trust informed the ICO that an unencrypted memory stick had been lost containing sensitive personal information relating to patients and trust staff. The trust initiated its own investigation after the data stick was returned to the trust.
In all three cases, the ICO has mandated the implementation of appropriate security measures, including adequate encryption policies and staff and contractor security policy adherence, to ensure that personal details are properly protected.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
NHS leaders are keen to adopt new digital tools, but IT can't solve problems on its ownA survey of healthcare decision-makers finds they believe IoT devices and electronic health recording could help them reach more patients quicker
-
How a paperless approach cut wasted staff hours at Bradford Teaching Hospitals TrustCase study Through DrDoctor’s digital portal for patient appointments and advice, the Rheumatology team at Bradford Teaching Hospitals NHS Foundation Trust has dramatically cut
-
Healthcare’s next chapterwhitepaper Revolutionizing how you care with EPR experts you can trust
-
How digital experience management helped an NHS trust improve productivityCase study Princess Alexandra Hospital NHS Trust used digital experience management to cut device failure and restore time to clinicians
-
Will the NHS Federated Data Platform transform UK healthcare?In-depth Plans to create a data platform in partnership with the private sector could revolutionize NHS treatment, but concerns over data privacy and security are festering
-
NHS IT issues costing doctors more than 13 million hours annuallyNews Doctors warn that ageing IT infrastructure is impacting patient care and clinical outcomes
-
Automation is helping the NHS clear its patient backlog, but not as quickly as expectedAnalysis The healthcare service's big bet on robotic process automation is making 'impactful' but slow progress
-
DHSC sets out ambitious targets for NHS App by 2023, beyondNews Ongoing NHS digitisation efforts will form backbone of the new system
