InfoSec 2011: DPA breached after NHS security fail
The ICO raises concerns organisations are getting the basics wrong after an NHS Trust breaches the Data Protection Act.


Another NHS body has breached the Data Protection Act after a network access failure, the Information Commissioner's Office (ICO) has confirmed.
Lax IT security measures were to blame, as the NHS Birmingham East and North allowed employees to potentially access restricted sensitive data, the ICO said today.
Workers at two other nearby Trusts could have accessed the information as well.
Organisations are still getting basic data protection wrong, deputy commissioner David Smith told delegates at the InfoSecurity 2011 conference, being held in London this week.
"A lot of this is basic stuff. My key message... of course the technical side of security is important... but there is still a big message about the basics," he said.
"So many organisations are not getting the basics right."
Despite disappointment surrounding such failings, Smith said the message was at least partially getting through to UK firms.
Of all cases reported to the ICO in 2011, 45 per cent were due to loss or theft of data. This figure stood at 60 per cent last year.
More powers
The ICO also today welcomed additional powers to fine organisations for the most serious incidents of making unwanted marketing phone calls or sending unwanted marketing emails to consumers.
For such cases, the £500,000 cap remains in place, something Smith indicated the ICO would like to see bumped up, even though it has proven adequate so far.
The additional powers will form part of an amendment to the UK's Privacy and Electronic Communications Regulations (PECR), coming into force on 25 May 2011.
The changes to PECR also cover the need for websites to ask for permission before using cookies to track user behaviour.
"The ICO has been calling for increased powers to regulate breaches of PECR for some time," said information commissioner Christopher Graham.
"We will be issuing guidance to reflect the changes that are being introduced."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.