By Rebecca Surtees
Government data loss has been in the news all year – not a day goes by without another tale of lost discs or stolen laptops. Of course, people are concerned about this – and why shouldn’t they be? Some of their details are probably floating around on an unencrypted memory stick on the verge of being ‘misplaced’ or sitting on an unprotected database waiting to be hacked.
A recent report suggests that the NHS is next in the firing line. According to a survey carried out by one of London’s top teaching hospitals, over three quarters of the hospital’s memory stick-wielding clinicians are roaming the capital with sensitive patient data alongside their holiday snaps – and worst of all, only six percent of these devices are using security measures to safeguard the data.
This got me thinking about my own public sector data loss experiences – for instance, being informed by my local hospital’s receptionist that I “hadn’t been born according to the system records”, while waiting in agony with a fractured ankle. Having also been spun the classic line that the x-rays and blood test results I’d been chasing for weeks had been (mysteriously) ‘lost in the system’, people might just say I’m harping on about bad experiences, but the cynic (and tech PR) in me says it’s more than that.
OK, these survey findings are just a snapshot from one institution, but who’s to say they don’t reflect other areas of the NHS? In today’s tech climate, and judging by the data loss fiascos so far, simple password protection that can be cracked in a matter of seconds just isn’t good enough where patient records are concerned – let alone allowing staff to remove such personal data from the workplace in the first instance.
Managing data on portable devices has long been a tricky subject for organisations of all kinds. However, not only should sensitive information be encrypted as standard, but the Government must also be seen to be actively educating public sector users on safe data practices, as well as enforcing internal security policies.
One thing’s for sure - if the necessary measures aren’t taken, the data protection road can only get rockier.
Comments