The healthcare industry continues to live up to its reputation for suffering the most data breaches after the Information Commissioner’s Office (ICO) found Healthcare Locums Plc (HCL) in breach of the Data Protection Act (DPA).
HCL, which is a specialist healthcare recruitment agency, lost a hard disc drive (HDD) that contained personal data of the doctors it employed, such as their security clearances and visa information.
The issue came to light when the HDD was returned to HCL by a member of the public after it had been sold on an online auction website.
It seems that the HDD had gone missing whilst it was being transferred from HCL’s Skipton branch to its branch in Loughton earlier this year. But as no inventory list had been created for the transfer, HCL failed to realise the storage device had gone missing until it was reported by a member of the public.
“This breach highlights the importance of making sure personal information is transported in a way that complies with the Data Protection Act,” said Sally Anne-Poole, Enforcement Group Manager at the ICO in the ruling. “I am pleased that Healthcare Locums is taking remedial steps to make sure incidents like this one do not happen again.”
The loss of storage media is unfortunately commonplace nowadays. For example, in early September a memory stick said to contain anti-terror training manuals was discovered outside a Manchester police station. In May, a NHS worker in the secure mental health unit of a Scottish hospital was suspended, after he lost a USB stick containing patients’ medical records.
Other recent breaches include DSG Retail Ltd, (the owner of PC World), being slapped over the wrist by the ICO after eight completed customer credit agreements containing personal and financial details were discovered in a skip outside one of its PC World stores.
Despite numerous other examples, the ICO has yet to issue any fines. In June, for example, the ICO published a list of all the data breaches reported since 2007. Of the 1,007 reported breaches, the NHS was responsible for 305.
The ICO has previously warned businesses that if they do not own up to data breaches, they will face tougher action than those that come forward of their volition. Companies that fall foul of data breach laws risk a maximum fine of £500,000 under powers granted to the ICO in January this year.
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…