Public sector workers in Yorkshire have been slammed for spying on personal data of the county's residents, following an investigation by a local newspaper.
Disciplinary records showed police, NHS employees and workers at local councils had accessed private data on people they knew, the Yorkshire Post reported.
In one case, a Rotherham council finance officer was found to have viewed the personal information on 72 of his friends and neighbours.
In another case, a receptionist at a Sheffield hospital took patient contact records to use for another job as a market researcher.
"It is scandalous to think that people in positions of trust have abused their access to sensitive personal information in this way," the Big Brother Watch said in a blog post responding to the findings.
"It is clear that an urgent public sector review is needed in order to ensure that access to private data is restricted to only a small number of trusted staff, rather than applying the 'scatter-gun' approach to database access that many bodies currently employ."
As for how employees caught snooping were reprimanded, punishments ranged from warnings to outright dismissals.
"A full range of sanctions are available to deal with the relatively small number of individuals who breach force policies, including verbal advice, written warnings, formal reprimands and, in the most serious cases, dismissal," North Yorkshire Police Assistant Chief Constable Sue Cross told the paper.
The Big Brother Watch insisted any member of staff working at either a public or private organisation who is guilty of misusing personal information should "face immediate dismissal."
A spokesperson from the Information Commissioner's Office (ICO) said when a worker has taken data for their own good, criminal proceedings could go ahead.
"Where that employee is accessing records for personal gain, such as selling the data on to third parties, the ICO may open a criminal investigation," the spokesperson told IT PRO.
"As with many organisations that hold a significant amount of personal data, we have regular contact with a range of public authorities regarding allegations of staff inappropriately accessing records. The usual and most appropriate outcome in these cases is disciplinary action taken by the employer."
The ICO is responsible for investigating data breaches and has reprimanded both public and private bodies in the past for irresponsible data handling.
Insider threats to organisations have been a major problem for a number of years.
Research from the latter half of 2010 showed almost half of all employees would consider taking some company property with them when vacating a position.
Data was at the top of the list when it came to what workers were willing to steal.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
NHS supplier hit with £3m fine for security failings that led to attackNews Advanced Computer Software Group lacked MFA, comprehensive vulnerability scanning and proper patch management
-
The UK cybersecurity sector is worth over £13 billion, but experts say there’s huge untapped potential if it can overcome these hurdlesAnalysis A new report released by the DSIT revealed the UK’s cybersecurity sector generated £13.2 billion over the last year
-
Cyber attack delayed cancer treatment at NHS hospital
News A cyber attack at Wirral University Teaching Hospital in 2024 delayed critical cancer treatment for patients, documents show.
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway serviceNews Europe’s busiest children’s hospital confirmed attackers were able to steal data from a compromised digital gateway service
-
Major incident declared as Merseyside hospitals hit by cyber attackNews The incident, which has led to cancelled appointments, is just the latest in a series of attacks on healthcare organizations
-
Thousands of procedures canceled at London hospitals as Qilin releases blood test dataNews The attack on blood testing company Synnovis continues to affect patients, while the ransomware group follows through with its threats
-
Ransomware group threatens to publish 3TB of stolen NHS Scotland data after posting proof of attackNews NHS Dumfries and Galloway has confirmed some of the sensitive data stolen during the 15 March attack has been published by a known ransomware operator
