The Chief Executive of the Maidstone And Tunbridge Wells NHS Trust has signed an agreement with the Information Commissioner's Office to better protect data. Data encryption software was used sporadically by the trust, and this had resulted in the breach of patient data.
A laptop computer used in the Audiology Department was stolen from the NHS trust in July 2009. It contained the information for 33 patients.
In August, three laptop computers were also stolen. However, these were better protected--they used encryption software. (Hmm. Were these encrypted as a result of the July breach? Or were they already encrypted, with the unencrypted laptop from the Audiology department being an unfortunate oversight?)
The NHS trust has agreed to use encryption on any laptops and other removable media with personal information within six months. Also, it has agreed to "implement any other measures to ensure against unauthorised [sic] or unlawful processing, accidental loss, destruction and/or damage" of personal data.
That's a pretty tall order. I know that deploying encryption in six months is more than feasible with the correct encryption software. For example, AlertBoot could easily allow the deployment of encryption software for one hundred computers a day. This is because AlertBoot is a centrally managed encryption software that uses the internet for deployment.
But what about the second part? How do you ensure accidental loss or destruction or damage does not occur? You can't; otherwise, it can't be deemed an accident, can it?
There's a reason why accidents are called accidents and not "prevent-cidents." They happen when you're not expecting them.
Why do people use FDE on laptops and external hard disks? Because, in the event that such devices are stolen or go missing, people's information will not be released to the general public (meaning, ID thieves and other scum of the earth).
I doubt the NHS Trust above will be able to abide by everything they've promised to do. What are they gonna do, not allow coffee near any laptops? Glue them to the top of desks so that they won't fall to the ground and break, resulting in the destruction of the machine and the personal data in it?
However, the use of encryption like AlertBoot should go a long way towards being in compliance with the Information Commissioner.
Related Articles and Sites:
http://www.ico.gov.uk/upload/documents/library/data_protection/notices/maidstone_and_tunbridge_wells_nhs_trust_undertaking.pdf
http://www.databreaches.net/?p=8197
http://wiki.openrightsgroup.org/wiki/UK_Privacy_Debacles