NHS Surrey has been fined £200,000 for a massive oversight in their security procedures. This has caused uproar across the nation as we find ourselves paying the price for their improper handling of sensitive data.
Upon dissolving on the 31st March, NHS Surrey submitted their computers to be cleansed of data and sold at auction. Shockingly, the decision was made to bypass an approved provider in favour of a free service with no history checks. Presumably, this move was made to save money in the process, but it ended up costing everyone else a whole lot more.
A total of 39 computers were reported to have thousands of patient records inside - after being sold at auction. It was then discovered that this sensitive data was also successfully sold online. The UK Information Commissioner's Office (ICO) said this was the most serious security breach they have come across and that they were deeply concerned.
This case serves as a great eye-opener to many organisations. Slack security will eventually catch up with you, and cutting corners is a fast way to scandalous reports. This clearly avoidable circumstance arose from a money-saving scheme.
Shred-on-Site is an approved provider of media and document destruction. We work closely with the BSIA who hallmark and approve information destruction services across the UK to ensure high standards are met. It is disappointing to see a government institution setting a poor example and handling the situation so regrettably. For a small cost, approved services like Shred-on-Site can securely and efficiently perform these services with no risk.
We want to encourage other business owners to learn the lesson from NHS Surrey. Don’t think you’re invulnerable. The fact is we are all equally susceptible to fraud. It is for these reasons we must invest sufficient resource to be effective when handling data.
This case also shows the moves companies take which put other people in danger. The patients, who were unfortunate enough to have been compromised, were unfairly put at risk. This is another reality we must face. It’s not only our data we have to protect, but it is that of our clients and employees too. It’s easy to think it won’t happen to us, but we don’t have the right to take those chances on other people’s behalf. NHS Surrey did, and we are now paying for their incompetence – some more than others.
Make the smart move and use approved, trained and vetted services to provide the best solution for your information destruction needs. We don't want to see a repeat of the case exemplified by NHS Surrey; instead we can all make a move to prevent it. Shred-on-Site have the facilities and appropriate certificates which allow us to operate in a secure and safe manner. We would certainly appreciate and value your custom, but that is not the purpose of this article.
Whether you use Shred-on-Site or another service, we need to stay secure and comply with the Data Protection Act. This case clearly shows why such legislation exists and we should be doing our utmost to enforce it. If you have any comments, questions or queries, please don't hesitate to leave a comment or give us a call.
Author: Mark Coombes