A north London health authority has been given until the end of the month to improve its information security policies following an embarrassing information security blunder last year. The Information Commissioner's Office has given Camden Primary Care Trust until the end of the month to pull up its socks following a breach of …
High standards are only high if consistent
"NHS Camden sets itself incredibly high standards when it comes to patient confidentiality and data protection," Larkman said. "Unfortunately, on this occasion we fell below our high standards by inadequately disposing of a number of obsolete computers."
It's like saying you have incredibly high personal standards of honesty, but unfortunately on this occasion you fell below your high standards by lying.
You know, initially I thought this must be just the latest variant of that weird seizure disorder that afflicts the public sector when they get hold of a computer with sensitive data on it; you know, the one that renders them completely unable to keep hold of it, wipe it, find it or stop blabbing about it to other departments. Then I realised, it was an Information Sharing Order, it's just that the recipient part of the form was blank, so the ****wits thought that meant the ENTIRE BLOODY WORLD...
Seriously, DBAN. It's not hard FFS and it's free.
Oh come on!
I worked in the NHS fifteen years ago, and we already had a chuffing great magnet for knackering hard disks back then - where have these people been?
The statement 'Failure to comply with the order would place the health authority in contempt of court.' - what does this mean exactly? Does it mean a fine and thus remove monies from healthcare or does it mean a stiff letter from some jobsworth in government?
I really don't care about "Policies" in this case.
I really care about practices.
In this case, place the Chief Executive of the Trust in Contempt of Court, drag away in the public glare in handcuffs and lock him/her/it up for a while. Make sure it is not a nice place and make sure the whole world knows. Even if it is only for one night. Then rack up the insurance costs and take it out of their bonuses.
These so-called "leaders" must be held accountable and made to take data loss seriously. A dose of prison will probably concentrate their minds and will be a lesson to others. Same with the senior bankers and dodgy politicos and their expenses.
I mean, seriously, I had full access to the entire PCT systems and they didn't even bother vetting me.
All my interview consisted of was
Hi, I'm ...
this is ...
'Twas a joke!
And to think I bothered putting on a suit!!!
but who is responsible?
the guy in charge,
or the overworked IT guy who wasn't properly allowed the time and space to actually wipe the machines?
it's all very well to say use DBAN, but if you do that where the PC is set up then you will get complaints from the guys who see their desk space being used by a useless box sitting in the way of their upgrade.
And I doubt that the IT offices are large enough to store a mountain of computers whilst they were waiting for the time to get around to wiping them before disposing of them...
I'm not defending them, just suggesting it's probably not that the person who put these there was likely up against it and it was just something that was overlooked.
or perhaps this is a good call to have a situation where no data is actually on the machines, and is instead only accessed, from some kind of large centralised database
(bring on the big databases... umm no wait, I can't believe I just said that).
policy for responsibility
Instead of the Trust being in contempt of court it should be made the responsibility of an individual when in a public organisation.
That way any fine or punishment would not be on the patients and that individual would have some motivation to do their job!
It is fairly common practice in other industries to make individuals responsible... e.g. at Channel 4 a producer is responsible for their program right up to broadcast, so they have to chase idents and adverts and stuff. Funnily enough it works well that way!
But everything else is secure
Don't worry the NHS database will be different
People and organisations like this won't have access to the data so there will be no chance of it being lost or security being breached in any way
Hospital F*tards can't erase old data
I feel that those responsible for this breach should be subjected to punishment by the patients, whose data they exposed.
Now, if I were one of those patients, I would get my hands on a bag of USED hypodermic needles, and use those f*tards as a dart board. Put the "bullseye" right over the groin.
but that means it's OK for them to make their huge database to track every bit of detail about us - as long as they "lose" all of the data before putting it in to the database it is now public information and isn't private and confidential any more, so it's OK
NHS not doing well...
Looking at the list of recent enforcements, the NHS has had quite a lot of stick over the past few months. Before November last, nowt of notice. But seven notices of one description or another have been related to NHS trusts...