NHS Lost CD Containing Data On 1.6 Million Patients

Fri 23 Sep, 2011 // Chris Allan

A CD containing personal information on 1.6 million people has been lost, forcing an NHS trust to take action. The CD was accidentally sent to a landfill, containing personal information including addresses, GP practice codes, and dates of birth.

The incident has been considered a breach of the Data Protection Act, resulting in the Eastern and Coastal Kent Primary Care Trust, who lost the CD during an office move, being forced to sign an undertaking with the Information Commissioners' Office (ICO).

After an investigation by the information regulator, the ICO have revealed that trust officials failed to communicate the CD's existence to the project manager who was co-ordinating the office move. Further revelations from the investigation revealed that staff ultimately failed to access guidance on how to dispose of the CD, and were not up-to-date with NHS information governance training.

Trust Chief Executive Ann Sutton has now vowed to put in place clear policies and procedures to support staff during office moves. Also ensuring that necessary training is given to all staff and that employees would be told how to follow policies on retention, storage, and use of personal information.

Ann Sutton also hoped to reassure the public with the following comments:

"I would like to reassure patients that the data stored in the CD was not current - the most recent information was from 2002,"

"It is important to stress that information systems now are far more secure than they were at the time these files were produced - we no longer store information on floppy disks or CDs and use sophisticated systems of encryption."

The NHS who are regularly criticised for mishandling sensitive information must be wise and learn from their mistakes. With 2,500 data breaches being analysed and reported to the ICO by ViaSat, CEO Chris McIntosh believes that “the ICO needs to go after major company breaches and publicise that fact”, after discovering only 36 have been acted on to date.

Chris continues, “That way the message will get out and companies who have poor security will quickly understand what might happen.”

“We have been pleased to work with commissum who have provided us with services to address our Security Assurance requirements. commissum met our demands, as an organisation operating within the Legal Services sector, with the highest level of integrity, commitment and excellent level of service. We would have no hesitation in recommending commissum.”

Mr Kenneth P, IT Manager, National Legal Services

"commissum recently provided us with services to assess a web application and supporting infrastructure. I was impressed with the consultants throughout the project, by their technical knowledge, flexibility, open communication and willingness to go that extra mile. Of particular benefit was the sound advice given both during and after the engagement. By identifying vulnerabilities promptly, accompanied with practical recommendations on how to address them. We were able to implement improvements quickly. Good value, a job well done.”

JM, Infosec Analyst, International Investment Bank

"We engaged with commissum for the first time this year and found them highly professional and a pleasure to do business with. We were particularly pleased with the report provided which was of excellent quality, with an appropriate level of detail and clarity in its recommendations. I would happily refer others to commissum.”

Mr Billy K, IT Director, National Law Firm

"We are extremely pleased with the work carried out by the commissum team. All of the commissum staff were a pleasure to work with and maintained a high level of professionalism at all times. They were able to provide us with sound advice and guidance to make sure that we got the best value for money from our test and provided excellent communication and recommendations before, during and after the tests. I would strongly recommend commissum to other companies that are looking for peace of mind in relation to their IT security and I can say that we will use commissum again for future testing.”

Chris S, IT Officer - UK Housing Association

"commissum understood exactly what we needed and delivered excellent service on time, and on budget. Why can't all companies be like them!"

Mr Duncan M, Information Security Manager - National Building Society

Get in touch with one of our security consultants today

No obligation
Expert advice
Tailored solutions

"commissum was particularly responsive and the project was well managed under demanding conditions. I was very happy with the technical standard. Very good value for money as well”

Mr Kenneth Y, Head of IT Risk & Compliance, International Retail Bank

"I was very pleased with the work delivered by commissum from start to finish. The quality of reporting was excellent and the consultants very helpful with clear communication throughout the engagement. I would happily recommend commissum to others.”

Ms Louisa L, IT Manager, National Building Society

"commissum provided us with a high quality service. We found the project team helpful and flexible in responding to changes in requirement; the technical staff in particular were excellent. All commitments including deliverable timescales were met and I would have no hesitation in recommending commissum.”

Mr A Moretti, Executive Director for IT Security Risk Management, Global Investment Bank

"From the start the project went very smoothly despite the short notice. commissum maintained excellent communication throughout ........ their flexibility and responsiveness right up to the end of the project was of great value to us.”

Mr Keith H, Senior Business Manager - UK Local Government