The healthcare industry continues to live up to its reputation for suffering the most data breaches after the Information Commissioner’s Office (ICO) found Healthcare Locums Plc (HCL) in breach of the Data Protection Act (DPA).

HCL, which is a specialist healthcare recruitment agency, lost a hard disc drive (HDD) that contained personal data of the doctors it employed, such as their security clearances and visa information.

The issue came to light when the HDD was returned to HCL by a member of the public after it had been sold on an online auction website.

Missing In Transit

It seems that the HDD had gone missing whilst it was being transferred from HCL’s Skipton branch to its branch in Loughton earlier this year. But as no inventory list had been created for the transfer, HCL failed to realise the storage device had gone missing until it was reported by a member of the public.

“This breach highlights the importance of making sure personal information is transported in a way that complies with the Data Protection Act,” said Sally Anne-Poole, Enforcement Group Manager at the ICO in the ruling. “I am pleased that Healthcare Locums is taking remedial steps to make sure incidents like this one do not happen again.”

Meanwhile, Mo Dedat, Chief Operating Officer of Healthcare Locums Plc, has signed a formal undertaking outlining that the organisation will ensure contracts are put in place between the organisation and any contractors it uses to process personal data on its behalf. It will also ensure that itineraries of equipment used to process personal data are maintained and updated in order to ensure any similar incidents are detected quickly and handled appropriately.

The loss of storage media is unfortunately commonplace nowadays. For example, in early September a memory stick said to contain anti-terror training manuals was discovered outside a Manchester police station. In May, a NHS worker in the secure mental health unit of a Scottish hospital was suspended, after he lost a USB stick containing patients’ medical records.

Other recent breaches include DSG Retail Ltd, (the owner of PC World), being slapped over the wrist by the ICO after eight completed customer credit agreements containing personal and financial details were discovered in a skip outside one of its PC World stores.

Still No Fines

Despite numerous other examples, the ICO has yet to issue any fines. In June, for example, the ICO published a list of all the data breaches reported since 2007. Of the 1,007 reported breaches, the NHS was responsible for 305.

The ICO has previously warned businesses that if they do not own up to data breaches, they will face tougher action than those that come forward of their volition. Companies that fall foul of data breach laws risk a maximum fine of £500,000 under powers granted to the ICO in January this year.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Kaspersky To Shutter US Operation After National Security Ban

Russian cybersecurity giant Kaspersky is to close down all of its operations in the United…

14 mins ago

Microsoft Faces UK Probe Over Inflection Staff Hiring

Poaching staff? UK's CMA regulator confirms phase one investigation of Microsoft's “hiring” of former Inflection…

3 hours ago

Elon Musk To Relocate SpaceX, X HQ To Texas

Leaving California. Elon Musk protests new gender-identity law, says he will move headquarters of SpaceX…

4 hours ago

Hackers ‘Publish Walt Disney Internal Slack Data’

Hackers reportedly publish data from thousands of Disney internal Slack communications, including data on strategy…

1 day ago

Apple Shares Reach All-Time High On AI Optimism

Apple shares surge after Morgan Stanley rates company 'top pick' over AI plans and says…

1 day ago

Musk Confirms Robotaxi Delay For Design Change

Elon Musk confirms delay of Tesla robotaxi launch as company's shares surge after he publicly…

1 day ago