NHS Lothian falls foul of the Data Protection Act
Posted on 29 Jul 2009 by Stuart
The Information Commissioner's Office has found NHS Lothian in breach of the Data Protection Act after an unencrypted memory stick was lost.
The memory stick, which contained personal details about 137 patients, belonged to an employee and should not have been used to store personal data held by NHS Lothian.
NHS employees failed to comply with data security requirements by allowing personal USB memory sticks to be used within the working environment. A properly configured IT infrastructure coupled with encryption technology would have prevented this breach of the public's personal data.
Ken Macdonald, Assistant Information Commissioner - Scotland, said: "Personal information has a value. It is vital that people's personal details are handled securely in line with the Data Protection Act."
Easy PC Scotland's stance is that networks should be properly configured so that only authorised USB devices are allowed access. In addition, it is imperative that all sensitive data is encrypted to the highest industry standards. Not only would the business be compliant with the Data Protection Act and avoid any fines, it would guarantee that the sensitive data could not get into the wrong hands (for instance, your competitors!).
In addition to USB memory devices, it is also important to consider the encryption of laptop devices. For more information, click here.
View the ICO report here.


