The Information Commissioner’s Office has slated the Department of Health over a data protection debacle that saw Doctor’s intimate personal details plastered over the web. The security breach on the Medical Training Application Service (MTAS) website, which the ICO became aware of in May, meant junior doctor’s personal data, …
The punishment is something along the lines of "Do everything that you are supposed to do, by law, or we'll be cross and next time we might do something about it. Sign here to show you understand."
If this was a company, rather than a government department, there would have been heavy fines.
So this is all about just one doctor? Or did you mean to write doctors' each time you wrote doctor's?
Fraser, I don't think the approach is perfect, but (hopefully) the ICO coming in and giving the NHS a good telling off will cause a cultural shift and force them to take more care about personal data and improve things for the next time. (This is probably very optimistic but that is what the ICO is attempting).
What would the point of fines be? For a company it has a (kind of) direct impact on the shareholders who then pressurise the company into performing better (assuming the fines are more than a tiny blip on the balance sheet). In the company's case therefore the fine has a purpose.
For a tax payer funded organisation what is the point of a fine? All it does is give a big monetary figure of how bad the NHS has been and ultimately result in less tax payers' money being spent on what the NHS is meant to be spending its money on. The actual fine will probably end up back in the Treasury's bank account and will probably be instead spent on consultants or some other waste of tax payers' money. I doubt either the ICO or NHS will get the money back. So the net result of a fine would be to punish the tax payer and waste their money.
Testing developing apps
"penetration and vulnerability testing on developing apps" hahaha
This was never piloted. The pilot was 30 000 trying to log on at once. There were never any nodes available to service any requests and it was clearly designed by people who are incompetent with regards to security.
It wasn't the DoH, it was subcontracted out to Methods Consulting. I am reliably informed that the guy who wrote the whole thing is a very nice person and was very upset by the whole affair. Well that makes it alright then. I am surprised they are not mentioned by name.
Someone should have lost their job over this. Instead they just have to promise to behave next time.
COI: One of those affected by this tragic system
Working at the coalface in the NHS, try getting access to the information you actually need to do your job.
Empires are being built on the basis of "I know and I'm not telling you."
I had to threaten the head of our Records department with arrest for her refusal to supply statutorily required information in order to register a death of a patient. It wasn't till a cop appeared that the information was supplied. The bitch was due for arrest until the information was disclosed. The public prosecutor had to have a word with them.
Apparently data is power.