Colchester University Hospital has fired a manager after his laptop was stolen.
The laptop reportedly contained the names, addresses and treatment plans for several thousand patients in unencrypted data. It was stolen from the manager's car in June
Peter Murphy, chief executive of Colchester Hospital University NHS Foundation Trust, said: “Following a disciplinary hearing held on Friday after a detailed investigation, the senior manager whose hospital laptop computer was stolen has been dismissed from the Trust with immediate effect. The unanimous decision of the disciplinary panel sends out a clear statement about how seriously the Trust takes security and patient confidentiality. I again apologise for the distress the theft of this laptop may have caused.”
The hospital, in completing the recommendations from the investigation report, will be engaging an external consultancy to carry out an independent assessment of the Trust's procedures and protocols on data security.
Jamie Cowper, director of Marketing EMEA at PGP Corporation, commented: “This latest incident again demonstrates the serious problems with security that exist within the public sector – but also shows that disciplinary bodies are getting increasingly tough with those people that contravene data protection policies. Clearly, the public sector wants to be seen to be addressing this problem.
“However, while the weakest link in data protection is more often than not the end user, the real lesson to be learnt here is that technologies such as encryption should be implemented and managed on an enterprise-wide basis, not left up to the individual. Unless there is evidence of grievous misconduct, the responsibility for data security should lie with the organisation as a whole – and that means that in cases such as this, punishment should be top down rather than bottom up.”