Health service worker loses job after a laptop containing unencrypted sensitive patient information was stolen from car
Colchester University Hospital has sacked one of its managers following the theft of his work laptop – containing the unencrypted names, postcodes and treatment plans of several thousand patients – from a car in June. The Trust said that the decision “(sent) out a clear statement about how seriously the trust takes security and patient confidentiality.”
Jamie Cowper, Director of Marketing EMEA at data protection expert PGP Corporation, has made the following comments:
“This latest incident again demonstrates the serious problems with security that exist within the public sector – but also shows that disciplinary bodies are getting increasingly tough with those people that contravene data protection policies. Clearly, the public sector wants to be seen to be addressing this problem.
However, while the weakest link in data protection is more often than not the end user, the real lesson to be learnt here is that technologies such as encryption should be implemented and managed on an enterprise-wide basis, not left up to the individual. Unless there is evidence of grievous misconduct, the responsibility for data security should lie with the organisation as a whole – and that means that in cases such as this, punishment should be top down rather than bottom up.”
