East & North Hertfordshire NHS Trust In Breach of UK Data Protection Act
After unencrypted USB stick lost on a train journey home
By Jean Jacques Maleval | October 8, 2010 at 3:27 pm
The Information Commissioner’s Office (ICO) has found East & North Hertfordshire NHS Trust to be in breach of the Data Protection Act after an unencrypted USB stick containing sensitive personal data was lost on a train journey home.
The USB stick was used by a junior doctor to record brief details of patients’ conditions and medication before being handed to the next doctor on shift. In this incident the doctor had accidentally taken the USB stick home intending to forward the data electronically, but lost the unprotected device on a train. It has not yet been recovered.
The doctor informed the Trust immediately after discovering the loss and a full investigation was conducted. Enquiries by the ICO revealed that the junior doctor had not been aware of the Trust’s data protection policies and did not have access to email to receive policy reminders and updates. It was also discovered that the Trust’s policies on the use of personal USB sticks were not clear and no technical measures were in place to prevent misuse of portable devices.
Nick Carver, Chief Executive of East & North Hertfordshire NHS Trust, has signed an Undertaking agreeing to take a series of steps to ensure that the Trust’s policy on the use of portable devices is clear and communicated to all staff. The Trust has also agreed to provide training for all staff who have access to personal information. The Undertaking also requires the Trust to regularly monitor for compliance with security procedures and to implement appropriate safeguards to prevent a similar breach in the future.
Mick Gorrill, Head of Enforcement at the ICO, said: "Storing sensitive personal data on unencrypted data sticks is a risk Trusts should not be willing to take. If it is vital to store information for handover, this must be done with the highest security measures in place. Furthermore, it is vital that employees are fully aware of processes which could have prevented this incident from occurring. I am pleased that the Trust has agreed to take practical and effective steps to ensure such an incident does not occur again."