Monday, 3 February 2014

Data Privacy...

The Data Protection Act is there to safeguard our personal information when it is held by organisations.  We would hope that in itself would be good enough, but where it isn't, compliance is policed by the Information Commissioner's Office (ICO), an independent authority.

The ICO has the power to issue fines of up to £500,000 for serious breaches of the Data Protection Act and the Privacy and Electronic Communications Regulations.  There have been some notable cases in the news, including:

  • NHS Surrey, which lost sensitive information belonging to 3,000 patients, left on a computer that was sold at auction.  The fine: £200,000 (Source: BBC News)
  • Sony, whose PlayStation database was hacked.  The fine: £250,000 (Source: BBC News)
  • Brighton and Sussex University Hospitals NHS Trust, which had hard drives stolen containing personal data, including medical records, National Insurance numbers and staff home addresses.  The fine: £325,000 (Source: BBC News)
  • North East Lincolnshire Council, which lost sensitive information on hundreds of children on an unencrypted memory stick.  The fine: £80,000 (Source: ICO)
  • Ministry of Justice, which emailed the details of prisoners at HMP Cardiff to three of the inmates' families.  The fine: £140,000 (Source: ICO)

As you can see, these data breaches, whether intentional or not, happen a lot.  You would want the organisations that hold your data to have the necessary safeguards in place, but it is all too apparent that they often are not, whether those safeguards are encryption, firewalls, strong passwords, two-factor authentication, data leakage prevention, web application firewalls, staff training, etc.

With all this in mind, did you know that the NHS has the right to share your personal information unless you opt out of the scheme?  I for one will be opting out as soon as possible.

More information here:
