SecurityWorkspace

ICO Slaps Nursing And Midwifery Council With £150k Fine

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

ICO calls the midwife after courier loses DVDs

The Nursing and Midwifery Council has been hit with a £150,000 fine by the Information Commissioner’s Office (ICO), after it lost three DVDs related to a nurse’s misconduct hearing.

The Council, a regulator for healthcare professionals in the UK, admitted to the mistake, which saw confidential personal information and evidence from two vulnerable children lost. The data was unencrypted, according to the ICO.

ICO calls the midwife

Call-The-MidwifeDVDs went missing from their cases during the couriering of evidence related to a ‘fitness to practise’ case, and have yet to be found. The cases did not show any evidence of tampering.

“It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again,” said David Smith, deputy commissioner at the ICO.

“While many organisations are aware of the need to keep sensitive paper records secure, they forget that personal data comes in many forms, including audio and video images, all of which must be adequately protected.

“The Nursing and Midwifery Council’s underlying failure to ensure these discs were encrypted placed sensitive personal information at unnecessary risk. No policy appeared to exist on how the discs should be handled, and so no thought was given as to whether they should be encrypted before being couriered.”

The Council wouldn’t be drawn into saying whether it would appeal the fine or not, but noted it was disappointed by the ICO’s action. It also claimed its policy did require encryption, despite the ICO’s suggestion there were no rules in place.

“Our policy, in place at the time, required encryption. We received the DVDs from the police unencrypted, but we failed to encrypt them before we sent them on,” the Council said, in a statement sent to TechWeek.

Are you a security pro? Try our quiz!