Government should lead by example over data security management after NHS scandal
Further reports of major data losses show that the government is not thinking strategically about its data security.
Paul Steiner, managing director of Accellion, claimed that despite greater demands for transparency and increasing compliance regulation such as the CoCo (Code for Compliance, which all UK local authorities now need to meet), poorly policed security policies mean that the government must think about how data is transferred securely between users.
A report in The Independent claimed that the personal medical records of tens of thousands of people have been lost by the NHS after it experienced 140 data leaks between January and April this year.
It claimed that some computers containing medical records were left by skips and stolen, while others were left on encrypted disks with the passwords attached to the side.
Assistant Information Commissioner in charge of enforcement, Mick Gorrill, told The Independent that a number of ‘inexcusable’ data losses within the NHS had become a cause of great concern.
Mr Gorrill said: “Medical history is very sensitive personal data, which is likely to cause harm or distress. The law dictates they must keep this information confidential, but the NHS is by far the biggest offender within the public sector.
“There needs to be a recognition that this information affects real people and can cause real harm if lost. Just as workers would never disclose information they had been told by a patient, they should also treat information in exactly the same way.”
Steiner claimed that the UK government needs to set an example to fundamentally change the way it moves data. The changes include replacing CDs and memory sticks with secure, managed systems which routinely encrypt sensitive and large files, bypass email systems to prevent users working around security measures, and give users a full file auditing and tracking capability.