Tuesday 29 May 2012

NHS Trust fined £90,000 for serious data breach


A recent news story has highlighted how a Central London Community Healthcare (CLCH) NHS Trust has been fined £90,000 after a serious breach of the Data Protection Act.

The breach occurred in March 2011, after patient lists were faxed to the wrong recipient: around 45 faxes over a three-month period. The lists contained sensitive personal data relating to 59 individuals.

An investigation by the ICO (Information Commissioner's Office) into the data breach found that neither of the two members of staff involved had received data protection training, and that the organisation did not have adequate checks in place when sending information.

The handling of public data has been a popular news topic recently, with various government officials being penalised for not taking the necessary care in handling such information. But surely all organisations handling such data should be putting rigorous processes and robust systems in place to manage all corporate information, especially information of a sensitive nature? If not because of the media furore that follows a breach, then certainly for operational reasons.

Through the use – and regular review – of such processes and systems, fines such as those imposed by the ICO can be avoided.

This case has highlighted that organisations are not only failing to protect their clients' or patients' data, but are also failing to protect themselves when it comes to the data they handle and the systems that support it.

By not having a reliable system in place – both in terms of IT infrastructure and internal practices – organisations are letting down their clients, customers and indeed anyone whose information they hold, and ultimately undermining their own long-term stability.