NHS worst for data breaches says Information Commissioner

The NHS reported the highest number of serious data breaches of any UK organisation since the end of 2007, the Information Commissioner’s Office says.

David Smith, deputy commissioner at the ICO, told the Infosec security conference that the NHS had highlighted 287 breaches to it in the period.

That accounts for more than 30% of the total number reported.

The NHS – the UK’s largest employer with 1.7m staff – has only started the process of rolling out digital patient records.

Most of the breaches (113) were the result of stolen data or hardware, followed by 82 cases of lost data or hardware.

Mr Smith said the problems were not confined to the public sector and that results could be skewed because the public sector has a culture of reporting all breaches whereas not all private sector firms did.

Richard Vautrey, the deputy chair of the British Medical Association’s GPs committee, thinks the number of breaches reflects the size and complexity of the NHS as well as its culture of openness.

“So many people have access to data and often human error is to blame. There is an increased attempt to be open and honest about what happens to data,” he said.

He added that he was not aware of a specific case where a data breach had affected patient privacy or care.

“We need to keep their breaches in perspective,” he said.

As part of its plans to digitise patient records, the NHS is asking patients if they want their data stored on national databases. It is important that people are given the chance to opt out, said Mr Vautrey.

Currently the reporting procedure for data breaches in the UK is voluntary although the ICO is “moving towards” a compulsory system.

In April the ICO introduced fines of up to £500,000 for serious data breaches.

The European Union’s Telecoms Package requires telecom firms to report data breaches and Mr Smith said he expected this requirement to expand beyond telcos.

Data encryption firm PGP welcomed the tough new approach to data security.

“Finally the ICO, which has long demanded greater powers, will be able to severely punish those in serious breach of the Data Protection Act. For too long, organisations have continued to ignore the warning signs – risking both the privacy of their customers and the reputations of their brands,” said Jamie Cowper, European marketing director at PGP.

He anticipates “severe fines” for the next private sector company to be involved in a serious data breach although he does not imagine the ICO will pursue the NHS.

PGP calculated that data breaches cost companies, on average, £67 per piece of data lost.


Health Direct asks- given that the NHS has the worst record of data security and that Labour politicians have already sent 250,000 political letters to cancer sufferers- are you CERTAIN that your medical records will be safe on the Snoopers Charter database? If not OPT OUT NOW- whilst you still can!

Posted by: Health Direct