Brian Pennington

A blog about Cyber Security & Compliance

March 2014

Health sector needs to improve its data protection

The Information Commissioner’s Office has published a report on how organisations providing secondary health care are complying with the Data Protection Act; it highlights the areas that need improvement.

The report summarises the results of 19 audits, mostly against NHS Trusts.

The audits looked at how personal data is handled by the organisation, and fit alongside NHS information governance guidelines. The organisations voluntarily agreed to work with the ICO to identify good practice and, where necessary, improve procedures relating to the handling of personal data.

The audits found:

  • All the organisations had data protection policies and procedures in place, though compliance with the policies wasn’t always effectively monitored, for instance through spot checks.
  • All the organisations had a system in place to track health records, though some did not conduct audits for missing files. The physical security of records also varied, with concern raised particularly around unlocked trollies used for moving files.
  • There was also a lack of simple password controls, notably forcing regular password changes.
  • Some organisations had little in the way of fire or flood protection in place for paper records.
  • All organisations had appropriate information governance related risk registers and risk assessments that were regularly reviewed.
  • Concern was raised around the use of fax machines for sending personal information, given the human error associated with using a fax machine.

Before three of the audits, staff were surveyed about their awareness of data protection policies:

  • 88% of staff had read and understood the policy in place within their organisation;
  • 94% had completed data protection training within the previous year.

Claire Chadwick, ICO Team Manager in the Good Practice team, said:

“Information about a person’s health tends to be one of the most sensitive types of personal data, and it is clear it must be properly handled.

“Our experiences in these audits suggested that tended to be the case. Only one of the audits suggested a substantial risk of non-compliance with the law, while more than half gave reasonable assurance the law was being complied with.

“By paying attention to this report, more organisations in this sector can ensure they are handling personal information properly. This report is an opportunity to review and improve practices and procedures based on our experiences.”

The audits followed a letter from the Information Commissioner and Sir David Nicholson, Chief Executive of the NHS, to chief executives and finance directors within the NHS.

The full report can be found here.

A third of Canadians are victims of financial fraud

Canadians are taking steps to protect themselves against fraud, according to a survey by the Chartered Professional Accountants of Canada.

The group’s annual look at this issue found:

  • 72% of Canadians shred their banking and credit card statements;
  • 68% are very uncomfortable giving out personal or financial information through email;
  • 61% are very uncomfortable giving out this information on the phone;
  • 59% cover the keypad when entering their PIN at a retailer or a bank machine;
  • 56% are very uncomfortable logging in to their banking or investment website using a public Wifi network;
  • 51% notify their bank and credit card company when they travel abroad.

The survey also reveals that, despite these efforts:

  • 29% of respondents report being victims of some form of financial fraud;
  • 43% know someone who has been a fraud victim.

The most common types of fraud reported by victims surveyed were credit and debit card fraud.

The CPAC is an umbrella group for the Canadian accounting profession. Reprinted from the Toronto Star.
