Feeds

Reckless loss of laptop data? ICO calls for stiff fines

Parking a laptop without due care and attention...

Securing Web Applications Made Simple and Scalable

Information Commissioner Richard Thomas told the House of Lords this week that doctors should be fined up to £5,000 if they lose confidential patient data.

Giving evidence to the House of Lords Constitution Committee, Thomas said: "If a doctor, or hospital [worker] leaves a laptop containing patients' records in his car and it is stolen, it is hard to see that is anything but gross negligence," The Times reports.

Anyone judged guilty of "knowingly or recklessly flouting data protection principles" would face a £5,000 fine in a magistrates court or an unlimited amount in a Crown Court.

Sounds like a good idea to us, but why stop with doctors? Presumably, spooks in Vauxhall who leave laptops in wine bars will face even heftier fines. And other arms of government should not be exempt - figures from 2005 revealed that the Home Office lost an impressive 95 computers between January 2005 and June 2005. The Ministry of Defence lost almost 600 laptops over five years - one of which, complete with sensitive files, turned up in a council tip.

Thomas said the aim was not to create individual victims, but a deterrent was needed. He said anyone with confidential data on a computer should know the basics of encryption.

Encryption firm PGP was one of several vendors licking its lips at this proposal.

Jamie Cowper, director of European Marketing at PGP Corporation, said: "On the one hand, this is great news for patient rights groups. Given the recent spate of data breaches at NHS trusts, perhaps Richard Thomas's approach of hard compulsion is the only way to get the medical establishment to take this problem seriously.

"However, by placing the emphasis on protecting the device - specifically laptops - rather than the confidential data itself, he could be accused of treating the symptoms of this problem, rather than providing a cure.

"What's more, it's not fair to expect doctors to be data security experts."

A BMA spokesman said:“Records kept on a computer should be treated the same way as those kept on paper. If GPs are taking them out of the practice they obviously need to ensure they are protected. But the key thing is that the rules are applied sensibly. It would be completely unreasonable for doctors to be penalised if records were stolen after they had done everything in their power to ensure their safety.”

There's more from The Times here. Archived audio of the evidence given to the Lords Committee is here. ®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.