NHS staff should be more aware of data security risks as patient confidentiality "is at the heart of what they do", Jonathan Bamford, head of strategic liaison at the Information Commissioner's Office has said. Speaking at an event on healthcare efficiency, he said that he was confounded by the disconnect between staff awareness …
Not just security - all of IT
There is unfortunately a big disconnect in people's minds when it comes to computers. Too many people regard them as the magic box with lights, and seem to discard all common sense when it comes to computers. Lack of basic security awareness is just one area of this - how about that stalker/voyeur who persuaded women to point their hacked computers webcam at the shower? Or the criminals who post videos of their acts on Facebook?
I can answer that
"Why is there that disconnect there? Why have things fallen down in that way?"
People take data protection trivially, because the penalties for not taking it seriously are trivial.
You can bet your life that if the penalties ranged from disciplinary tribunals, dismissal and jail time, people would immediately start taking it seriously.
Increasing the penalties won't help
It will just make people more likely to cover up a data security incident
Kettle and pot
And this, coming from the ICO, the organisation whose policy department informed me two weeks ago that a company has a right to target me with direct marketing if they make this clear in their terms - despite my legal right under law to ask them to stop. And the same organisation that then informed me that a company cannot use civil law to deny me of the statutory rights afforded me by the DPA98 and then refused to discuss the matter further. Well if they can't use civil law to deny me of a DPA98 right, then how can their policy be correct?
The UK data Watchdog has left me totally confused and have made it clear that they refuse to discuss the matter further. They've also done the same thing with online marketing - telling me last week that online marketing in a logged in account area is not direct marketing but telling me this week that it is. They confirmed that Barclays are likely to be contravening my section 11 DPA98 request not to target me with direct marketing by displaying advertising banners on my online banking pages. But of course, the ICO won't take action against real companies - instead they prefer to bully and mock the public sector.
How they have the nerve to call another organisation daft is beyond me. They've gone right downhill in recent years. I assume that all the good staff have moved on and we're left with a bunch of jokers.
If they could put stuff in the destruction room that they shouldn't
They could probably take stuff out that they shouldn't.
Tip of the iceberg.
The ICO are a bunch of useless toothless wimps. They talk big but with every breach they chicken out of imposing the penalties that they have the power to use. Every time it happens they slap a few wrists and make the organisations concerned promise not to do it again.
They need to penalise properly all organisations who break the DPA. And no I don't buy the fact that stiffer penalties would only encourage organisations to cover up data breaches. That is a stupid argument, you could use it to justify leniency in almost any law. All you need to do is make the penalty for failing to report a data breach much stiffer than those for the breach.
Anyone else wondering exactly how much physical space 10,000 patient records occupy?
We're talking 20 reams worth of A4 minimum, plus covering folders, and that assumes they only have one page each.
That strikes me as being a respectable pile of archive boxes stacked up in a corner.
I wonder how big their destruction room is?
"There're no more beds on the wards and this old lady needs to stay in tonight."
"There are some. I one that was free in the mortuary."
- Product round-up Too 4K-ing expensive? Five full HD laptops for work and play
- Review We have a winner! Fresh Linux Mint 17.1 – hands down the best
- Vid Antarctic ice THICKER than first feared – penguin-bot boffins
- 'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
- You stupid BRICK! PCs running Avast AV can't handle Windows fixes