
Will the NHS ever learn after Brighton fined £325,000 following data breach?

June 2012 by Cryptzone

In response to the breaking story that an NHS Trust in Brighton has been fined £325,000 following a data breach which affects thousands of patients and staff, below is a comment and some advice from Grant Taylor, VP of Cryptzone UK. If you need anything else please do let me know.

“The NHS has repeatedly been cited by the ICO as having the worst data protection record. Given it is dealing with the most personal of information more care needs to be taken, especially when working with third party contractors.

Whilst this is a very serious data breach and the monetary penalty is designed to act as a warning to others, it may deter some organisations from voluntarily reporting data breaches in the future. Ensuring third party suppliers sign up to and follow NHS security policies and procedures will become increasingly important as the NHS continues to outsource activities.”

Our top tips:

1. Review contracts and SLAs regularly and be aware when they are due to expire.

2. Be rigorous in prohibiting further sub-contracting of your projects or, at the very least, require contractors to seek your prior consent.

3. When choosing a data processor consider more than just technical ability. Make sure you are provided with sufficient proof of security measures that will be undertaken.

4. Look for organisations that not only have documented security policies and procedures in place, but who can demonstrate they are serious about enforcing them throughout their workforce.

5. Always remember outsourcing does not absolve your organisation from its data protection responsibilities.

“Any security process is only as good as the people doing the job,” said Eileen Buck, MD of CoGo Agency, a Cryptzone partner, who is helping NHS hospitals and trusts with policy compliance. “When policies and procedures aren’t easily available to refer to for infrequent but critical tasks, this is when mistakes like this occur”.

