Feeds

Reckless loss of laptop data? ICO calls for stiff fines

Parking a laptop without due care and attention...

Choosing a cloud hosting partner with confidence

Information Commissioner Richard Thomas told the House of Lords this week that doctors should be fined up to £5,000 if they lose confidential patient data.

Giving evidence to the House of Lords Constitution Committee, Thomas said: "If a doctor, or hospital [worker] leaves a laptop containing patients' records in his car and it is stolen, it is hard to see that is anything but gross negligence," The Times reports.

Anyone judged guilty of "knowingly or recklessly flouting data protection principles" would face a £5,000 fine in a magistrates court or an unlimited amount in a Crown Court.

Sounds like a good idea to us, but why stop with doctors? Presumably, spooks in Vauxhall who leave laptops in wine bars will face even heftier fines. And other arms of government should not be exempt - figures from 2005 revealed that the Home Office lost an impressive 95 computers between January 2005 and June 2005. The Ministry of Defence lost almost 600 laptops over five years - one of which, complete with sensitive files, turned up in a council tip.

Thomas said the aim was not to create individual victims, but a deterrent was needed. He said anyone with confidential data on a computer should know the basics of encryption.

Encryption firm PGP was one of several vendors licking its lips at this proposal.

Jamie Cowper, director of European Marketing at PGP Corporation, said: "On the one hand, this is great news for patient rights groups. Given the recent spate of data breaches at NHS trusts, perhaps Richard Thomas's approach of hard compulsion is the only way to get the medical establishment to take this problem seriously.

"However, by placing the emphasis on protecting the device - specifically laptops - rather than the confidential data itself, he could be accused of treating the symptoms of this problem, rather than providing a cure.

"What's more, it's not fair to expect doctors to be data security experts."

A BMA spokesman said:“Records kept on a computer should be treated the same way as those kept on paper. If GPs are taking them out of the practice they obviously need to ensure they are protected. But the key thing is that the rules are applied sensibly. It would be completely unreasonable for doctors to be penalised if records were stolen after they had done everything in their power to ensure their safety.”

There's more from The Times here. Archived audio of the evidence given to the Lords Committee is here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED
Classified systems 'not affected' - but, is this reconnaissance?
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.