ICO warns NHS PCT over data leakage from old computers
31/03/2009
The Information Commissioner’s Office (ICO) has warned Camden Primary Care Trust to make sure that data is wiped from old computers before they are decommissioned.
The warning follows a discovery that several old computers were left in a skip outside St Pancras Hospital in August 2008. The computers disappeared and were never recovered, They contained unencrypted data on 2,500 patients.
The ICO has made several recommendations to the NHS following the incident, including the implementation of a communications programme to keep staff informed about proper computer disposal procedures and encryption regulations.
Failure to meet these recommendations, which were presented in the form of an Enforcement Notice, would be regarded as in contempt of court. Several other government organisations are also covered by the Enforcement Notice. The ICO says, “the Information Commissioner’s Office has ordered a number of organisations to sign Undertakings following breaches of the Data Protection Act. Organisations include the Department of Health, NHS Trusts, Home Office, Foreign and Commonwealth Office and Orange Personal Communications Services Ltd.”
A Camden Trust spokesman said the incident was a one-off, "NHS Camden sets itself incredibly high standards when it comes to patient confidentiality and data protection. Unfortunately, on this occasion, we fell below our high standards by inadequately disposing of a number of obsolete computers.”
The warning follows a discovery that several old computers were left in a skip outside St Pancras Hospital in August 2008. The computers disappeared and were never recovered, They contained unencrypted data on 2,500 patients.
The ICO has made several recommendations to the NHS following the incident, including the implementation of a communications programme to keep staff informed about proper computer disposal procedures and encryption regulations.
Failure to meet these recommendations, which were presented in the form of an Enforcement Notice, would be regarded as in contempt of court. Several other government organisations are also covered by the Enforcement Notice. The ICO says, “the Information Commissioner’s Office has ordered a number of organisations to sign Undertakings following breaches of the Data Protection Act. Organisations include the Department of Health, NHS Trusts, Home Office, Foreign and Commonwealth Office and Orange Personal Communications Services Ltd.”
A Camden Trust spokesman said the incident was a one-off, "NHS Camden sets itself incredibly high standards when it comes to patient confidentiality and data protection. Unfortunately, on this occasion, we fell below our high standards by inadequately disposing of a number of obsolete computers.”
RSS