By: Alastair Revell, Managing Consultant, Revell Research Systems
Published: 2nd June 2010
Copyright Revell Research Systems © 2010
I find it worrying that the Information Commissioner’s Office (ICO) reports that the NHS is the United Kingdom’s worst offender in terms of keeping personal data, especially in light of the Patient Summary Care Record scheme, which will eventually hold details from most people’s medical records.
The question for me is simple: Can they be trusted to look after computerised medical records?
According to a spreadsheet accompanying the ICO’s press release of 28th May 2010, the NHS has reported more breaches than any other body to date. The data shows that these losses have largely been through either lost or stolen data/hardware rather than insecure disposal or accidental disclosure.
I agree absolutely with David Smith, the Deputy Commissioner, who said: “The ICO maintains it is essential that the protection of people’s personal information is part of organisations’ culture and DNA.”
However, the issue of data protection is clearly wider in scope than our trust in the NHS’ ability to keep our data secure.
The press release actually marks the 1,000th breach reported to the ICO, with the actual number now standing at 1,007. A rough calculation suggests that between one-in-two and one-in-three people in the United Kingdom have had their personal data compromised.
The ICO have said that although more personal data has been lost by the NHS, the largest ever breach reported was the loss of 25M people’s personal data by HMRC on two CDs in November 2007.
However, the data shows that the second largest offender collectively is the private sector, which doesn’t surprise me. Worse still, I suspect that most private sector breaches probably go unreported, so this figure might be the tip of the iceberg.
The ICO is keen to remind organisations that it can now levy fines of up to £500,000 per breach.
If you would like to know more about the new powers the Information Commissioner acquired in April 2010, and what the outcome might be should you be reckless with personal data, then you might like to read my recent blog on data protection!
This weblog is produced by Revell Research Systems.
Published by: IT Analysis Communications Ltd.