Praxis Care gets slapped wrist from ICO

Health provider Praxis Care has been found in breach of the Data Protection Act by the Information Commissioner’s Office (ICO) after losing an unencrypted memory stick.

Download this free guide

2018 UK IT Priorities survey results

IT organisations in the UK and across Europe are starting to accelerate the move to the cloud. Read more about the key areas in which senior IT managers are planning to invest in over the next 12 months.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

The stick containing personal information of 107 Isle of Man residents and 53 individuals from Northern Ireland was lost on the Isle of Man in August 2011. Some of the information related to individuals’ care and mental health. The stick has not been recovered, but Praxis has informed all affected individuals.

Praxis had a joint action taken against it by the Information Commissioner’s Office (ICO) and the Office of the Data Protection Supervisor (ODPS) for the Isle of Man.

Christopher Graham, UK Information Commissioner, said: “Carrying people’s personal information around on an unencrypted memory stick is clearly unacceptable. The fact that some of the personal details stored on the device were out of date and so surplus to requirements makes this breach all the more concerning.”

Praxis said it has now committed to making sure that all portable devices used to store personal data are encrypted.

But Chris McIntosh, CEO of security provider ViaSat UK, said the ICO should take tougher action on such data breaches. 

“In this case, Praxis was lucky to only receive an undertaking. Lessons it and others should take from this are that sensitive data should be encrypted at all times and should not be kept when it is no longer useful. At the same time, the ICO should not stop lobbying for more powers to enforce its responsibilities,” he said.