Tag Archives: Scotland

Scottish Health Boards Suffer 806 Data Breaches in Last Five Years

The Scottish Health Boards have suffered from 806 data breaches between 2009 and 2013. This involves a range of different data breaches from data loss and data leaks to breaches of the Data Protection Act

The figures were obtained and revealed by the Scottish Liberal Democrats through the Freedom of Information requests. What is more concerning is that the total number of data breaches increased from 86 incidents in 2009 to 223 in 2013.

With such a high number of data breaches, there is invariably a wide range of different types of data breaches which makes it much harder for the Scottish Government to implement regulations and to ensure that they are all being adhered to.

Such incidents that have resulted in a data breach within the last five years include documents being sent to the wrong addresses and being left in public places such as in car parks and on public transport. One such incident occurred in NHS Greater Glasgow and Clyde in July 2013 when a folder was fond by a member of the public at a bus stop which contained information relating to 60 patients. The folder was handed in at a nearby hospital.

Such statistics is a cause for concern, especially with the drastic increase of data breach incidents within a five year period. As a result, the Scottish Lib Dems have appealed for the Scottish Government to ensure that the Scottish Health Boards are given adequate support to ensure that confidential data remains secure.

Jim Hume who is a Scottish Lib Dem health spokesman stated, “NHS staff work extremely hard under an enormous amount of pressure but there must be a vigilant approach when it comes to protecting confidential patient information. The Health Secretary must ensure that NHS boards are given the support needed to learn lessons and prevent further breaches of patient confidentiality. We have no choice but to trust the people looking after our families to look after their personal details too.”

Hume added, “Whilst the year-on-year rise in incidents may be due to an increase in reporting, this should make health boards all the more aware of the scale of the problem. In one instance, a patient was given the pregnancy record of another patient. Our figures also show a number of important patient records and notes were lost. Some of those that were found had been left in public places where anyone could have read that private information.”

Hume concluded, “A mistake here or there might not seem much but the bigger picture is one of patient information being lost across Scotland. The Health Secretary must explain what he is doing to address this.”

The Scottish Government has responded and stated that they are already taking action to help reduce the number of data breaches within the Scottish Health Boards.

A spokesman stated, “We take patient confidentiality and security of patient information very seriously and believe any data breach is unacceptable. All health boards are required to have robust procedures in place to secure patient information and staff should be given ongoing training in data protection.”

The spokesman added, “All mobile devices holding any patient data are now encrypted so, even if a laptop is stolen, patient information cannot be accessed; boards are installing a new tool to pinpoint staff who are accessing information they are not entitled to see; and health boards are rapidly moving from paper files to encrypted devices.”

The spokesman concluded by stating, “In the interests of greater transparency and to make data breach statistics easier to interpret, the Scottish Government plans to introduce a severity scale and national reporting mechanisms in line with recommendations made by Dame Fiona Caldicott. This should also lead to more clarity on data breaches and other security matters.”

With such cases, it is very hard to pinpoint why there have been so many data breach cases. It will take time for the Scottish Government’s actions to start making an impact and to see how much they have helped to reduce the number of data breaches.

It is all good and well introducing policies and regulations but the staff need to be educated about data security. This will help them understand the importance of following the regulations and minimise the number if simple mistakes that are made.

Natwest and RBS customers experience overcharging

It is everyone’s worse nightmare when it comes to banking – fraud and identity theft. Something I thought I had experienced first hand this morning on checking my account online. Upon querying a transaction where I had been over charged by £200.00, NatWest, part of the RBS group told me this wasn’t fraud but to ring 0845 366 0391 for more information.

An automated message stated, “We are currently experiencing a high volume of calls due to a processing error by the Bank of Scotland. If a transaction has been duplicated this will be automatically refunded. The Bank of Scotland have a recovery plan in place.”

I was promised a full refund for being charged twice for the same goods. Well its five days after the mistake and the recovery plan seems to be taking its time, as I am yet to receive any refund. Not convenient for myself, and one would guess thousands of other banking customers.

Upon looking further into the issue, it appears that similar problems have previously affected customers of Bank of Scotland who are now part of the Lloyds Banking Group. In 2009 shops across the UK received complaints from customers accusing them of being charged twice for the same transaction. The fault was located to electronic point of sale systems and their chip and pin cards.

It is very surprising to see that two different banking groups have experienced similar issues within a short space of time. In both instances it has led to money being incorrectly taken from customer accounts, and the timing of the latest problem comes at the point where many people’s finances are stretched to the limit after the Christmas and New Year period.

It is very possible that the mistake could also lead to people receiving bank charges for going overdrawn and have transactions refused due to insufficient funds. Whilst I am sure that the banks will eventually refund these it is an unnecessary hassle and customers should not have to chase for refunds.

Whilst mistakes can always happen, customers should have been notified rather than having the shock of finding out themselves, and it should not have taken over 5 days to resolve.

It does call into question what Backup, Disaster Recovery and Business Continuity solutions the banks have in place to enable them to recover from such incidents.

Importance of business continuity emphasised with snow fall

As November moved into December, the UK became wrapped in a blanket of road-clogging snow, starting in Scotland and the north of England, before moving south and eventually affecting travel in London and the South East.

The estimated cost to the economy varies depending on which source you choose to believe, but predictions of between £250 million and £1.2 billion a day have been made public by different analysts.

The good news is that many firms have learned their lessons from the cold weather conditions which crippled the UK’s transport links earlier in 2010 and, as such, have taken the proper precautions to ensure business continuity, even when employees cannot make their way into work.

Remote working has become increasingly popular as a failsafe for such eventualities, with many choosing to stay at home and get work done, rather than risk getting stuck in the snow and ice on their commute.

Working from home using remote access also means that many thousands of people are able to cope with the widespread closure of schools, which has left children in need of all-day care. Of course some parents have simply been forced to take these days as holiday, which is hardly ideal, but a necessity when educational institutions cannot open.

Businesses which do lose out as a result of the climate need not take too much woe from the staggering predictions for daily costs, because experts believe that employees are likely to make up for lost time by staying later and working harder, once the weather has cleared up and they are able to return to their desks.

This is precisely what has happened in previous years, so even if productivity lags and continuity is compromised now, the future is the time for catching up and making amends.

If winters are set to get colder and snow is a more frequent visitor to the UK, it is likely that business continuity planning and disaster recovery will gain new importance within businesses around the country.

Scottish authorities criticised for sustained history of data loss

The Liberal Democrats have discovered information about the extent of data loss from public sector organisations based in Scotland, covering institutions controlled by the NHS, police and local councils.

In the first six months of 2010, a wide range of devices were lost by seven different NHS trusts in Scotland. Among the data were patient details covering more than 100 individuals linked with a drugs rehabilitation program.

In Glasgow eight laptops, three desktops and six portable storage devices were stolen, with the most brazen robbery taking place from within an X-ray viewing cubicle in the spring of this year.

Unencrypted data was unwittingly lost by Strathclyde Police when a USB storage drive was reported as having been misplaced. This event was all the more serious because it contained notes relating to ongoing investigations.

Scottish councils were responsible for the loss of five laptops on which private data relating to local school children was stored, along with more than 60 PCs lost or stolen from educational establishments themselves.

The findings suggest that a majority of the data stored on these council-managed devices was actually encrypted, or indeed was unimportant and did not relate to any local citizens.

The Liberal Democrats have been vocal in their call for immediate improvements to data protection and management within the public sector, after discovering the extent of the problem. It said that the presence of encryption would not be enough to instil trust in the public.

Liberal Democrat spokesperson Robert Brown, said that public sector organisations had to appreciate that being charged with the protection of private data was a big responsibility. He also claimed that the Scottish authorities are failing to deal with a worsening situation.

A spokesperson for the Scottish government, said that the security of data during transmission and storage were something which it believes to be of utmost importance and, as such, it has rigorous policies governing data protection.

The spokesperson was keen to point out that the ultimate responsibility lies with the individual organisations and not with the central authorities.

Bank customers victims of data loss

Several customers of Tesco’s banking service have reacted angrily after they were informed that personal data relating to their accounts was lost in transit.

A total of 39 people have been affected by this data loss incident, with officials claiming that the data is irrecoverable. The affected parties were involved in a dispute with Tesco Bank in relation to credit card charges and financial details, home addresses and names have all been leaked as a result of the error.

Tesco Bank has not been willing to name the firm responsible for the loss, which happened when the letters were travelling between Glasgow and Manchester, but it’s been suggested that a contractor from Royal Bank of Scotland was the source of the letters.

The data loss was detected in June and Tesco informed the affected parties last month, sweetening the bitter pill by giving them free anti-fraud insurance for two years to prevent their details being used in a malicious manner by criminals.

Observers have criticised Tesco Bank and its partners for failing to properly protect personal details of a particularly sensitive nature and some believe that this data loss, although relatively small, is evidence of a wider lack of irresponsible behaviour within the financial sector.

A spokesperson for the organisation said that it is company policy to send any such correspondence via recorded delivery, but it is believed that in this case the details leaked out because they were sent by the Royal Mail’s standard service. The spokesperson went on to reassure current customers that the bank has tightened up its security across the board and contacted users to let them know of improvements and changes.

The spokesperson said that Tesco Bank would be ensuring all of its partners operate in a manner that complies with its own security regulations when it comes to dealing with sensitive customer data.

Tesco Bank had collected the financial details relating to the 39 customers making complaints from RBS just prior to the data loss because it had previously been a share holder and credit card service supplier backing up the retail brand’s banking venture.

Scottish farmland slated for billion pound data centre

A £950 million project to build one of the world’s largest data centres in rural Scotland is just days away from approval by local council officials. Although the build has already received firm verbal support from public figures, a meeting on November 25th will see the ratification of the plans.

Once given the go-ahead, farmland not far from Lockerbie will become the site of frenetic activity as nearly a billion pounds worth of investment will flood in once construction gets underway. Continue reading

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal