Mid Staffs stuffed – but we can all learn from it?

Mid Staffs NHS Foundation Trust is one of the latest organisations to agree to give an undertaking to the Information Commissioner as a result of a data protection security breach.  However, the circumstances of the breach are, we suspect, so routine that almost all organisations could learn from it.

This was not the standard “lost/stolen laptop” or “lost USB key” breach, but involved an eager member of the Trust’s (human resources) staff sending (sensitive) personal data to a home computer to finish off some work at home.  The personal data was not encrypted or secured by a password.  This transfer was in breach of the Trust’s policy, but the lack of physical security measures to prevent the transfer was heavily criticised.

Mick Gorrill, the Assistant Information Commissioner, said:

I strongly advise organisations to avoid instances where employees can download and transfer personal information to home computers.