NHS accounts for 30% of data breaches in past two years

Over 200 NHS organisations have admitted to losing sensitive personal information in the past two years, according to the Information Commissioner's Office (ICO).

These data breaches account for nearly 30% of all data breaches reported to the ICO since HMRC lost 25 million child benefit records in November 2007.

Nearly a third (32%) of all breaches reported involved theft.

The ICO said it has investigated organisations, including several NHS bodies, that have failed to secure their premises and hardware adequately.

Mick Gorrill, assistant commissioner for investigations, said organisations, especially NHS bodies, should ensure the level of security is appropriate for the type of data they are holding.

The ICO has taken action against 54 organisations for the most reckless breaches in that time, said David Smith, deputy information commissioner.

"We expect the prospect of a significant fine [from 2010] for reckless or deliberate data breaches will focus minds at board level," he said.

UK organisations that break data protection rules could face fines of up to £500,000 under new ICO powers scheduled to come into force from next year.

The new powers will give the ICO formal inspection powers across government.

The ICO will also increase its auditing role to ensure greater compliance with the Data Protection Act.


