Public Sector Urged to Take Better Care of Confidential Data
LONDON, December 9, 2013 /PRNewswire/ --
- At least 26,000 personal records have been exposed to ID fraud this year
- Patient confidentiality at risk as medical records continue to be treated with negligence
- Shred-it identifies 2013's worst culprits in data security
Data security blunders are putting NHS patients and local government taxpayers at risk of identity fraud, according to a new compilation of some of the worst culprits in data security released by information security experts, Shred-it, today.
Despite receiving fines in excess of £1.1m in the last 12 months, public sector organisations are still not doing enough to ensure staff and managers understand and implement information security policies that keep the information they hold on members of the public safe.
Information security experts at Shred-it have compiled a list of seven of the worst data protection mistakes which exposed personal data on at least 26,000 people. Among the worst offenders listed is University Hospital of Wales, Cardiff where a pile of patient records were dumped on top of a shredding bin in a corridor, exposed for anyone to handle.
"The public sector is guilty of serious failings in the way it is looking after people's confidential and personal information. The lack of improvement in data security is particularly worrying given the quantity of personal data that public sector organisations hold. Simple and easily avoidable errors are not only costly but are hugely damaging to an organisation's reputation as each week another privacy breach hits the headlines."Robert Guice, Executive Vice President, Shred-it EMEA
And it's not just paper documents that are being left open for fraudsters to take advantage of. Earlier this year, 2000 council records were inadvertently uploaded to the internet website What Do They Know (WDTK) after an employee from Islington Borough Council responded to a Freedom of Information (FOI) request. Report authors, Shred-it, are calling for public sector institutions to undertake comprehensive training in data protection to ensure fewer mistakes are made in 2014.
"Patients are already under a lot of stress and the last thing they need is to worry about the security of their private information. All staff handling confidential data need to have a security conscious mind-set, to avoid simple errors becoming costly and dangerous." Robert Guice, Executive Vice President, Shred-it EMEA
Official statistics from the ICO show that public sector institutions have faced fines of over £1.1 million this year, an astonishing 65 per cent of all fines issued. The UK taxpayer has lost out to the tune of over £4 million[1] in the past two years and over £1 million this year alone owing to poor data protection protocols and security procedures in the UK public sector. Whilst performing better than the public sector, private sector organisations are far from getting it right with the ICO this year dishing out fines totalling £600,000 for serious data information breaches.
"Perhaps a better way for the ICO to combat this on-going issue is set in place a programme, which sees data protection fines being ring-fenced into comprehensive information security training" adds Robert Guice.
"Adopting an information security system has had a direct benefit to our business", said Luke Champion AIEMA, Environment Manager, Royal United Hospital Bath NHS Trust "Patients feel more comfortable that we will safeguard their confidential information and employees are no longer uncertain about what to do. It's helped us improve our service while at the same time reduced our risk of being fined by the ICO."
"Proper training of staff in data protection and information security is a preventative measure that has the ability to transform the way public sector institutions treat confidential data. The private sector must also avoid complacency when it comes to its handling of confidential data as stats show that 2 in every 5 large businesses suffer a data breach with losses of more than £500,000." Mr Guice continued.
About Shred-it (http://www.shredit.co.uk)
Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients' private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world's top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges.
Shred-it has branches in the following UK locations: Belfast, Dublin, Glasgow, Edinburgh, Leeds, Chippenham, Preston, Newcastle, Manchester, Birmingham, Milton Keynes, Portsmouth, Exeter, London - Stratford, London - Brentford, Nottingham and Cardiff.
--------------------------------------------------
1. *Figures of fines taken from the ICO website http://www.ico.org.uk/enforcement/fines Total of public sector fines since 2011 is £4.03million
Share this article