Lack of NHS laptop encryption a breach of patient trust
PGP (GB) (published 01/07/2008)
Stolen health service laptop contained unencrypted patient data in the latest IT security scandal to hit the public sector
In the latest serious data breach incident, a laptop containing the personal details of several thousand patients has been stolen from the car of a Colchester University Hospital manager. Affected patients were told that the computer was password-protected and only authorised staff could access the data – however, patients were also told that since the data was not encrypted, there was a small chance their details could be accessed.
Jamie Cowper, Director of Marketing EMEA at enterprise data protection expert PGP Corporation, has made the following comments:
“Once again, we see that it’s going to take more than a major incident like the HMRC breach to change attitudes towards data protection in the public sector. Staff at the NHS Trust involved were reminded that patient details should not be stored unencrypted on laptops – yet this reminder clearly went unheeded. Perhaps there needs to be some basic education carried out within public sector organisations that password protection on its own does not equate to encryption.
In a statement designed presumably to reassure affected patients, the Trust said that it believed the data would 'almost certainly' be wiped by the laptop thief. However, this will be of little comfort to those people whose personal details have been exposed by an organisation they had trusted to keep them safe. The public sector has to take its data handling responsibilities seriously, because if these types of incidents keep occurring, there’s a real possibility that members of the public will begin to refuse to supply sensitive information to government organisations without rigorous and costly assurances.”