NHS organisations were responsible for 30 per cent of the security breaches reported to the Information Commissioner's Office over the last two years. The ICO said that, of the 711 reports of security breaches it has received since HM Revenue and Customs reported its loss of 25m child benefit records in November 2007, 209 came …
I am not surprised
One PCT in the North (actually in West Yorkshire) has told its IT dept there are areas they cannot go in the servers. So as a result IT are not allowed access.
As a result those members of staff that do get access have seen the downloaded film collection, the pron, the games etc.
Same PCT has a requirement for all staff to put their username and password in a ring binder / folder, in case they are on holiday and need to get access.
Routinely giving access to EVERYONE'S email accounts. Things I know as a result of this policy are shocking, information just floating across the email systems.
The NHS is run on pay grade not skill or professional competence. And they have procedures for counting stock (I kid you not) because some people on very high pay rates cannot even count boxes in a cupboard.
Either way the fact the ICO is actually doing his job is a shock, where was he with Phorm? Oh yeah, taking backhanders.
AC because I work in another PCT and want to keep my job. However my PCT is at least trying with awareness training and limiting access, encryption etc.
When are these numpties going to learn, password protecting a computer is useless unless it's encrypted. It would take all of 2 mins with an Ubuntu live CD to bypass if someone really couldn't be bothered to remove the drive and connect it directly to another machine.
I used TrueCrypt to encrypt my netbook the other day, just as a bit of an experiment, it's a pretty idiot-proof process, and near invisible once done. It didn't even need to stop me using it to do the encryption and took about 4 hours.
This is a home user, who doesn't really need it, and I can't see any real reason not to do it, if only to deprive anyone who stole it of my porn collection, they can damn well find some themselves. Not doing it to a company/government laptop, even if you are too cheap to pay for Pointsec or some other such commercial encryption, just seems like complete idiocy.
Put a price on personal data
If personal data were given a suitable monetary value, then the fat-cats in charge of these lossy Govt facilities could be fined a percentage of the data-deficit.
Think of it as a data-performance anti-bonus scheme.