March 5, 2017
Health records are amongst the most sensitive kinds of information. Information about a person’s fertility treatment is an even more sensitive category again. It is not surprising that when there is a failure to keep data secure the regulator would take a strong line. At least in the United Kingdom. In Australia, the regulator has not taken a strong line yet on anything of substance.
The UK Information Commissioner’s Office (the “ICO”) fined HCA International Ltd (“HCA”) £200,000 for failing to keep records secure. The problem stemmed from …
November 18, 2016
The facts were almost comical. In February this year a harried social worker gets to her car with a bundle of court documents under her arm. To get to her keys she puts the documents on the roof of the car. She opens the door and hops into the car and drives off to her next appointment. The court documents disappear into the …
November 14, 2016
Data breaches through lost or stolen laptops or other BYODs (bring your own devices) are quite common. Unlike lost paper documents, it is possible to lose a significant amount of data held in digital form. Which is what happened to a Historical Society recently. The Information Commissioner has issued a Monetary Penalty Notice, fining the Historical Society £500.
The media release …
October 9, 2016
The UK Information Commissioner has issued TalkTalk with a £400,000 fine for its failure to provide adequate security, which resulted in the catastrophic data breach at TalkTalk in October last year. The ICO can issue a maximum fine of £500,000.
The breach resulted in personal data of 156,959 customers and the bank account details of …
August 28, 2016
A perennial problem in data security is staff taking data off site on laptops and bring your own devices, usually USB sticks. The problem is more than removing the data off site, though that can be, and is, a real challenge in data management. The significant issue is ensuring data is secure when it is off site.
The Information Commissioner’s Office (the “ICO”) has issued a Monetary Penalty Notice, fining a nursing home in County Antrim, Northern Ireland, £15,000 for failing to secure sensitive personal data. The breach occurred …
August 24, 2016
Document management is the bane of many organisations. Take that issue and put it on steroids and that is the scale of the potential disaster that awaits a breakdown in handling personal information. Government agencies collect a large amount of personal information and are geared towards keeping detailed files. That means a large volume of documentation.
The Hampshire County Council has been fined £100,000 as a result of 45 bags of confidential waste found in a disused building. The documents contained sensitive information about adults and children in vulnerable situations.
It is a case of a failure to …
June 10, 2016
Poor data handling policies can lead to very embarrassing outcomes, particularly when they result in the use of emails to transmit sensitive information. A common form of data breach. A police officer at Dyfed Powys used the internal email system on 18 June 2015 to send emails to five internal recipients. One of the emails contained a list of 8 registered sex offenders in Powys including their names, addresses, telephone numbers and email addresses.
The officer sent the email to a person outside the police service, in other words, outside the internal email system. The recipient was a member of a community scheme, who notified the police of the error.
The Information Commissioner found that …
May 27, 2016
It is quite common for equitable claims for breach of confidence to relate to private commercial information being taken by ex-employees to be used by competitors. A new take is …
May 15, 2016
The Information Commissioner’s Office (the “ICO”) has imposed another swingeing fine for a breach of the Data Protection Act, on this occasion for an NHS Trust publishing the national insurance numbers, dates of birth, religious beliefs and sexual orientation of 6,574 members of its staff on its website. As a result the Blackpool Teaching Hospitals NHS Foundation Trust has been fined £185,000. While the breach was egregious it was inadvertent. Even so, the distinction between inadvertent and deliberate goes more to penalty rather than …
May 1, 2016
One of the biggest challenges in privacy and data protection is ensuring that staff who use the data are properly trained and apply that training properly. Having …