Careless care charity loses unencrypted patient data stick

A care provider with offices in the Isle of Man and Northern Ireland has committed to improving its data protection standards after losing a memory stick containing unencrypted patient data.

The charity, Praxis Care, lost the memory stick in August 2011.

The device held personal information relating to 107 Isle of Man residents and 53 individuals from Northern Ireland, which in some cases related to their mental health and care. It has not been recovered, according to the Information Commissioner's Office (ICO).

The organisation has now undertaken to make sure that all portable devices that hold personal data are encrypted and any personal information that it no longer needs will be disposed of securely in line with its updated data security guidance, the ICO said.

Praxis Care - which looks after adults and children with learning disabilities, mental ill health and similar difficulties - said that it would improve its data protection after a joint ruling by the ICO and the Office of the Data Protection Supervisor for the Isle of Man.

Christopher Graham, the information commissioner, said: "Carrying people's personal information around on an unencrypted memory stick is clearly unacceptable. The fact that some of the personal details stored on the device were out of date and so surplus to requirements makes this breach all the more concerning.

"The ICO will continue to work closely with other data protection regulators where it is clear that a data breach extends across national boundaries."

This article was originally published at Guardian Government Computing.

Guardian Government Computing is a business division of Guardian Professional, and covers the latest news and analysis of public sector technology. For updates on public sector IT, join the Government Computing Network here.