Custodial sentences need to be available to the courts to stop the unlawful use of personal information, Information Commissioner Christopher Graham will say today in an appearance before the Justice Select Committee.
University Hospital of South Manchester NHS Foundation Trust lost the personal information of 87 patients when a medical student mislaid an unencrypted memory stick.
According to the Information Commissioner’s Office (ICO), the trust breached the Data Protection Act when the personal details of patients, and sensitive information relating to their treatment, were lost last December.
The mistake happened when a medical student, who had been on a placement at the hospital’s Burns and Plastics Department, copied data onto a personal, unencrypted memory stick for research purposes.
The ICO’s investigation found that the hospital had assumed that the student had received data protection training at medical school and therefore did not provide him with the induction training given to its own staff. The hospital has now agreed to take steps to ensure that the personal information accessed by students is kept secure.
Sally Anne Poole, acting head of enforcement at the ICO, said: “This case highlights the need to ensure data protection training for healthcare providers is built in early on, so that it becomes second nature.
Medics handle some of the most sensitive personal information possible and it is vital that they understand the need to keep it secure at all times, especially when they are completing placements at several health organisations.
“NHS bodies also have a duty to make sure their staff, both permanent and temporary, understand their responsibilities on day one in the job.
“While we are pleased that the University Hospital of South Manchester has taken action to avoid this oversight in the future, we will continue to work with healthcare bodies and education providers to make sure that data protection training is a mandatory part of people’s education.”
A further undertaking was also signed by the London Ambulance Service, which breached the Data Protection Act after a personal laptop was stolen from a contractor’s home. The laptop contained contact details and transport requirements relating to 2,664 patients.
The Greater Manchester Police has admitted to the loss of a USB stick containing data relating to an investigation.
The removable drive was stolen from an officer’s home and the device is not thought to be password protected, the BBC reported.
That officer has now been suspended as the police carry out an investigation into the incident, whilst the Independent Police Complaints Commission and the Information Commissioner’s Office (ICO) have been informed.
Just a single member of the public has been told their personal data was stolen.
“I want to reassure residents across Greater Manchester that we are taking this incredibly seriously and we are working hard to both identify who was responsible for the burglary and recover the stolen memory stick,” said Assistant Chief Constable Garry Shewan.
“I want to stress that we do not believe the officer’s home was deliberately targeted, but that this was an opportunistic burglary. I also want to make it clear that any suggestion this memory stick contained lists of names of people who ‘tipped off’ police is inaccurate.”
An ICO spokesperson said the watchdog had been informed of a possible data breach, which “may involve Greater Manchester Police.”
“We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding on the necessary course of action,” the spokesperson said.
A recent Big Brother report claimed police database abuse was “hugely intrusive.”
Earlier this month, the ICO found the Lancashire Police force had breached the Data Protection Act.
Note From Editor: We supply a number of Police forces throughtout the UK and have a Special Police Price Agreement. Contact us now to secure your portable data at the UK’s lowest prices from the UK’s IRONKEY Experts