Southampton in trouble for breaching DPA26th January 2010
Southampton University Hospitals NHS Foundation Trust has been criticised by the Information Commissioner's Office for its breach of the Data Protection Act.
The trust's chief executive Mark Hackett signed an undertaking to boost information security, following an occasion where 33,000 patient records were taken from a laptop left in an 'unlocked and unattended' van in 2009.
The laptop itself needed a password to be accessed, but the patient records were not encrypted. Although the laptop was fastened to the van by a security device, this was removed during the theft.
Sally-Anne Poole, head of investigations at the ICO, said: "Storing large volumes of personal information on portable devices is unnecessarily risky. Why were so many records downloaded onto an unencrypted laptop in the first place? It is vital that NHS organisations ensure their staff handle personal information securely."
The undertaking signed by the trust stated that it will make certain that portable electronic equipment, such as laptops, are encrypted.
In 2007, HM Revenue and Customs lost information about 25 million child benefit recipients on unencrypted CDs. The NHS was informed it must ensure all devices were encrypted.
Southampton University Hospitals NHS Foundation Trust said in a statement to a local newspaper: "We have introduced a number of measures to improve security and encryption and want to reassure our patients that we are doing everything in our power to minimise the risk of an incident of this type occurring in the future."
Share this page
There are no comments for this article, be the first to comment!
Post your comment
Only registered users can comment. Fill in your e-mail address for quick registration.
Title: Southampton in trouble for breaching DPA
Author: Jess Laurence
Article Id: 13882
Date Added: 26th Jan 2010