The latest in a string of data losses from an NHS body are the consequence of a lack of training, awareness and poor communication of policy.
In this latest breach an unencrypted USB stick was lost on a train by a junior doctor after he recorded details of patients’ conditions and medication in order to work from home. The doctor from East & North Hertfordshire NHS Trust intended to hand the stick to another doctor, but accidentally took it home intending to forward the data electronically and lost the unprotected device on a train.
An ICO statement said the trust’s policies on the use of personal USB sticks were not clear and no technical measures were in place to prevent misuse of portable devices.
Peter Gibson from the trust said its computers would now only recognise its own encrypted memory sticks.
“The encrypted sticks are the only ones on which information can be put, whatever that information is, and that makes them completely safe in terms of if they are ever lost, no-one can ever access the information.”
Organsations who wish to enhance the security of their critical data when on the move will find the Kanguru Defender Elite AES Hardware Encrypted USB Drive to be the solution they are looking for. Remote management is administered using Kanguru Remote Management Console (KRMC), an industry-leading management application for securing/managing flash drives.
Using KRMC with your Kanguru Defender Elite allows administrators to:
Mick Gorrill, head of enforcement at the ICO, said: “Storing sensitive personal data on unencrypted data sticks is a risk trusts should not be willing to take.
“If it is vital to store information for handover, this must be done with the highest security measures in place.”
The Kanguru Defender Elite is one of the world’s most manageable, secure flash drives and has been designed to address stringent security regulations and policies. It does so in a cost-effective and scalable manner. Buy yours directly from the IT Governance online shop.
Training and Awareness
The Trust has also agreed to provide training for all staff who have access to personal information. Data Protection Awareness Posters are an effective way to raise awareness within a business environment. Order these posters today and start your awareness campaign for DPA compliance!
Organisation will also benefit by sending key personnel on our popular Data Protection Act (DPA) 1-Day Course. The next course will be on 12 October in London.