Stark security warning for the public sector
26 Apr 2011
Data destruction experts are warning public sector institutions to thoroughly destroy confidential information following the latest security leak at NHS Birmingham East and North.
The Information Commissioner’s Office (ICO) today reported that NHS Birmingham East and North breached the Data Protection Act by failing to restrict access to files on their IT network. The breach meant that some NHS staff at their own Trust and two other NHS Trusts could have access to confidential information.
This latest case follows 2,565 data breaches recorded since April 2010, when the ICO first had the power to impose fines of up to £500,000. Approximately 59 percent* of all data breaches are related to private companies. However, 80 percent of all fines given out have been imposed on public bodies, showing the serious nature of these issues.
Anthony Pearlgood, commercial director of PHS Maxitech, said:
“Public sector identity fraud is on the rise; the yearly cost of fraud to the UK has leapt to £38.4 billion**. This is a question of national security; public institutions are now legally bound to protect our records and permanently destroy data when no longer needed. Confidential information is not just limited to physical copies of documents, and data on laptops, memory sticks and disks must also be treated in a secure and confidential manner.”
Tips to prevent public sector data leaks
1. Create a confidential data policy – if you don’t have one, you are already in the high-risk category for being a victim of data theft.
2. Store & dispose of data safely – don’t assume that binning it is the end of the matter. Criminals often rifle through bins in car parks where confidential data has been poorly disposed of.
3. Destroy data properly – arrange for a properly accredited company to help store, collect and securely destroy information. Ensure you know where your data is heading. Even better, have your data destroyed on site, using a mobile shredding vehicle, and watch the destruction.
4. Check identities – use credit reference agencies to verify the identity of your preferred suppliers.
5. Secure your accounts – don’t allow bank details to escape into the public domain. Thieves are adept at falsifying signatures.
6. Inform staff – train staff on how to deal with confidential data properly and monitor their behaviour. Remember, most fraud is committed by people who work within the organisation.
7. Beware of carrying large amounts of confidential data on unencrypted laptops, data sticks or mobile devices such as BlackBerrys and iPhones. These small portable gadgets are magnets for thieves, who can exploit your confidential information.
*Figures obtained by encryption specialist ViaSat under the Freedom of Information Act
**Figure from National Fraud Authority