Mid Staffs stuffed – but we can all learn from it?

Mid Staffs NHS Foundation Trust is one of the latest organisations to agree to give an undertaking to the Information Commissioner as a result of a data protection security breach.  However, the circumstances of the breach are, we suspect, so routine that almost all organisations could learn from it.

This was not the standard “lost/stolen laptop” or “lost USB key” breach, but involved an eager member of the Trust’s (human resources) staff sending (sensitive) personal data to a home computer to finish off some work at home.  The personal data was not encrypted or secured by a password.  This transfer was in breach of the Trust’s policy, but the lack of physical security measures to prevent the transfer was heavily criticised.

Mick Gorrill, the Assistant Information Commissioner, said:

I strongly advise organisations to avoice instances where employees can download and transfer personal information to home computers.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s