BreachExchange mailing list archives

UK doctors’ personal data found on used hard drive sold online


From: Christine Fulgham <christine () opensecurityfoundation org>
Date: Thu, 14 Oct 2010 16:25:49 -0400

http://www.databreaches.net/?p=14667


There have been many instances in the U.S. of personal data showing up on
equipment sold at online and offline auctions. One such case in the U.K.
involved doctors’ data, and the company responsible for the data, Healthcare
Locums Plc (HCL), a UK specialist healthcare recruitment agency, has now
been found in breach of the Data Protection Act (DPA).

The Information Commissioner’s Office (ICO) was first informed of the breach
when HCL confirmed that a hard drive containing doctors’ security clearance
and visa information had been sold on an auction website before being
returned. Inquiries established that the equipment was last recorded as
being transferred from HCL’s Skipton branch to its branch in Loughton
earlier this year. Because HCL had no inventory list for the transfer, it
failed to realize the storage device had gone missing until it was reported
by a member of the public. The device was eventually returned to the agency
and wiped in June 2010.

Mo Dedat, Chief Operating Officer of Healthcare Locums Plc, has signed a
formal Undertaking outlining that the organization will ensure contracts are
put in place between the organization and any contractors it uses to process
personal data on its behalf. Healthcare Locums will also ensure that records
of equipment used to process personal data are maintained and updated in
order to ensure any similar incidents are detected quickly and handled
appropriately.

A full copy of the Undertaking can be found here:

http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
