Following a violation of the Data Protection Act, the Information Commissionerís Office (ICO) has taken enforcement action against an NHS organisation for the eighth time since November 2008.
Enforcement action has been taken against Hastings and Rother Primary Care Trust (PCT) for a breach of the Data Protection Act.
A computer containing personal sensitive information about patients was stolen from the premises of Hastings and Rother Primary Care Trust. The building where the computer was stolen from did not have satisfactory security measures in place. The data controller had previously expressed concern over the absence of physical security at the PCT.
Hasting and Rother PCT is required to sign a formal undertaking by the Information Commissionerís Office, which will outline that all personal information will be processed in accordance with the Data Protection Act. In addition, Hasting and Rother PCT will have to ensure that the staff are well trained and all mobile devices and office equipment used to store and transmit personal information will be encrypted.
The computer stolen from the PCT building contained sensitive information on patients. To prevent incidents of cyber crimes such as identity theft or credit fraud, it is important to store such confidential information securely and properly protected. The best method of storing confidential information is by having a secure online data backup at a remote offsite server.
Over the duration of one month, the Information Commissionerís Office has taken enforcement action on the third English NHS trust over data loss.
Brent Teaching Primary Care Trust has been reprimanded over the loss of 2 laptops that contained personal information of about 389 patients. The increase in data loss and the handling of sensitive data by the NHS using unencrypted devices is a growing concern for the Information Commissioner Office (ICO).
The two laptops were kept on the desk of a locked office, which is in breach of the security procedures followed by the Brent Teaching Primary Care Trust. Furthermore, the laptops contained sensitive information that was not encrypted.
According to the assistant Information Commissioner, Mick Gorrill, the ICO is concerned over the loss of data such as patientís personal information and the way that some NHS organisations are transferring sensitive data onto unencrypted laptops and other mobile devices.
Following the data loss, Brent Teaching Primary Care Trust has been required to sign an understanding that outlines that they will process personal data according with the Data Protection Act.
Last year, NHS Tayside and NHS Lanarkshire, were asked to comply with the Data Protection Act by signing an agreement.
To prevent such incidents of data loss and misuse of confidential personal information, it is best to have an online data backup provider that is secure and protected.
Incidents of data loss seem to be more common nowadays with the latest study revealing that about 61% of businesses have owned up to loss or theft of consumer data over the last two years. It was found that when companies outsourced confidential data, the risk of data loss or theft was 43 times higher than if it were held in-house. It was also found that many of these companies did not have online data backups.
Of all the cases of data loss, 90% were not reported to authorities as the organisations did not know whom to inform or did not realise that it was important for them to do so under the Data Protection Act. An analyst of Butler Group stated that it is important to have data backups considering the number of memory sticks and laptops that have gone missing.
Research has shown that many individuals no longer have faith in the steps that organisations like government departments and banks take while handling personal data. These data loss incidents and the consequences that may follow can be easily avoided if they implement online data storage and backup. These disaster recovery solutions are the best way to ensure total security of confidential information.
According to a survey conducted by Allianz, which is the UKís largest insurer, it has been revealed that 75% of the people questioned think that their employers should take necessary security measures while handling confidential documents.
The survey results also reveal that one third of employees risk losing their confidential information. The information is basically stored in portable storage devices like laptops, memory sticks; USBís so as to attend the meetings or to work from home. Allianz Legal Protection has started warning employees who handle confidential information. In case of data loss, it can result in the dismissal of the employee for gross misconduct or also prosecution under the Data Protection Act 1998. It can also result in risking unlimited fines.
Amongst the surveyed people, half of them thought that organisations expect some amount of data leakage. 70% of the employers do not take necessary measures in the risks that are involved in taking the confidential information out from the office.
If staff are properly trained to handle data loss, it will become much easier for employers to secure the trust of their customers. Recently a cabinet office official was charged as he had left top secret documents on the train. Employees are warned that data loss can cause disastrous effect on a company as well as the employees that are involved.
Companies can adopt reliable ways of storing data like online backup and online data storage to minimise the risks of data loss.