Feeds

Reckless loss of laptop data? ICO calls for stiff fines

Parking a laptop without due care and attention...

The essential guide to IT transformation

Information Commissioner Richard Thomas told the House of Lords this week that doctors should be fined up to £5,000 if they lose confidential patient data.

Giving evidence to the House of Lords Constitution Committee, Thomas said: "If a doctor, or hospital [worker] leaves a laptop containing patients' records in his car and it is stolen, it is hard to see that is anything but gross negligence," The Times reports.

Anyone judged guilty of "knowingly or recklessly flouting data protection principles" would face a £5,000 fine in a magistrates court or an unlimited amount in a Crown Court.

Sounds like a good idea to us, but why stop with doctors? Presumably, spooks in Vauxhall who leave laptops in wine bars will face even heftier fines. And other arms of government should not be exempt - figures from 2005 revealed that the Home Office lost an impressive 95 computers between January 2005 and June 2005. The Ministry of Defence lost almost 600 laptops over five years - one of which, complete with sensitive files, turned up in a council tip.

Thomas said the aim was not to create individual victims, but a deterrent was needed. He said anyone with confidential data on a computer should know the basics of encryption.

Encryption firm PGP was one of several vendors licking its lips at this proposal.

Jamie Cowper, director of European Marketing at PGP Corporation, said: "On the one hand, this is great news for patient rights groups. Given the recent spate of data breaches at NHS trusts, perhaps Richard Thomas's approach of hard compulsion is the only way to get the medical establishment to take this problem seriously.

"However, by placing the emphasis on protecting the device - specifically laptops - rather than the confidential data itself, he could be accused of treating the symptoms of this problem, rather than providing a cure.

"What's more, it's not fair to expect doctors to be data security experts."

A BMA spokesman said:“Records kept on a computer should be treated the same way as those kept on paper. If GPs are taking them out of the practice they obviously need to ensure they are protected. But the key thing is that the rules are applied sensibly. It would be completely unreasonable for doctors to be penalised if records were stolen after they had done everything in their power to ensure their safety.”

There's more from The Times here. Archived audio of the evidence given to the Lords Committee is here. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.