• Housing group emailed workers’ details to wrong address
  A private housing group based in Dorset breached the Data Protection Act by sending the personal data of 200 employees to the wrong email address, the ICO said today.

• Council employees’ details were published online
  Dumfries and Galloway Council breached the Data Protection Act by accidentally publishing a spreadsheet containing the names, salaries and dates of birth of nearly 900 current and former employees on their ICO said today.

• Compulsory audit powers needed for local government, the NHS and the private sector, says Information Commissioner
  Powers to conduct compulsory data protection audits in local government, the health service and the private sector are needed to ensure compliance with the law, the Information Commissioner said today at the 10th annual data protection compliance conference in London.

• Laptop thefts highlight the need for encryption
  Two organisations have taken action after they breached the Data Protection Act by failing to encrypt personal information on laptops that were later stolen, the Information Commissioner’s Office (ICO) said today.

• 10,000 archived records destroyed in hospital data blunder
  Dartford and Gravesham NHS Trust breached the Data Protection Act by accidentally destroying 10,000 archived records, the Information Commissioner’s Office (ICO) said today.

• The citizen should be in the driving seat over what information is made public, says Information Commissioner
  ‘Transparency is not just about what the authorities choose to reveal to citizens; but what citizens have a right to ask to see,’ Information Commissioner, Christopher Graham, said today, in a speech to mark International Right to Know Day 2011.

• ICO issues advice on the disclosure of research information
  The ICO has today published guidance on freedom of information legislation and research information, aimed specifically at public authorities in the higher education sector.

• Action taken over security flaw in online reporting form
  The Child Exploitation and Online Protection Centre (CEOP) and the Serious Organised Crime Agency (SOCA) – its parent organisation – have taken action after the discovery of a security flaw on CEOP’S website, the Information Commissioner’s Office (ICO) said today.

• Cashier spied on sex attack victim’s bank records
  Disturbing case highlights need for prison to be an option, says Information Commissioner

  Custodial sentences need to be available to the courts to stop the unlawful use of personal information, Information Commissioner Christopher Graham will say today in an appearance before the Justice Select Committee.

University Hospital of South Manchester NHS Foundation Trust lost the personal information of 87 patients when a medical student mislaid an unencrypted memory stick.

According to the Information Commissioner’s Office (ICO), the trust breached the Data Protection Act when the personal details of patients, and sensitive information relating to their treatment, were lost last December.

The mistake happened when a medical student, who had been on a placement at the hospital’s Burns and Plastics Department, copied data onto a personal, unencrypted memory stick for research purposes.

The ICO’s investigation found that the hospital had assumed that the student had received data protection training at medical school and therefore did not provide him with the induction training given to its own staff. The hospital has now agreed to take steps to ensure that the personal information accessed by students is kept secure.

Sally Anne Poole, acting head of enforcement at the ICO, said: “This case highlights the need to ensure data protection training for healthcare providers is built in early on, so that it becomes second nature.

Medics handle some of the most sensitive personal information possible and it is vital that they understand the need to keep it secure at all times, especially when they are completing placements at several health organisations.

“NHS bodies also have a duty to make sure their staff, both permanent and temporary, understand their responsibilities on day one in the job.

“While we are pleased that the University Hospital of South Manchester has taken action to avoid this oversight in the future, we will continue to work with healthcare bodies and education providers to make sure that data protection training is a mandatory part of people’s education.”

A further undertaking was also signed by the London Ambulance Service, which breached the Data Protection Act after a personal laptop was stolen from a contractor’s home. The laptop contained contact details and transport requirements relating to 2,664 patients.

BACK to IRONKEY NEWS