The point to consider here is whether the breaches were contained. It would appear, from the short reference, that the material was recovered. To know it was left at market stall would suggest that it was recovered. If it is recovered, then, per the ICO guidance, the breach is contained. However, the organisation would have to take a risk assessment or damage control assessment to consider whether or if the material was access while out of their control.
What is interesting is how such FOIA requests in the future will work given that it is proposed in the EU DP recommendations that all breaches be reported. I would imagine the ICO will create an online reporting form that allows them to triage the breaches on first notification. Number, severity, type of information, vulnerable or not, and so on.
What this may do is keep organisations from having their own internal breach logs as everything will have been reported to the ICO. In effect, you create an automatic league table and make every organisation transparent regarding their data breaches.
I would also imagine that if a breach is not reported that this will become a hugely aggravating factor (literally and figuratively) so as to "encourage" organisations to report.
However, I am sure that at some point a clever person will learn how to "game" that system as well and (pace Christopher Hood's work) the eternal struggle between bureaucratic control and transparency continues on a new front.
Best,
Lawrence
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Baines, Jonathan
Sent: 01 November 2012 09:03
To: [log in to unmask]
Subject: Re: [data-protection] Medical records found on top of a parking meter! - BBC report
Chris
I don't think this has even been referred to the ICO. This is disclosure of breach incidents under FOI. Question is - will ICO pick up on it, take action, and consider lack of self-reporting an aggravating factor?
Jonathan
On 1 Nov 2012, at 08:48, "Chris Pounder" <[log in to unmask]<mailto:[log in to unmask]>> wrote:
Solent NHS Trust patient data left at market stall By Katie Grant BBC News
http://www.bbc.co.uk/news/uk-england-hampshire-20156164
Patients' confidential information has been left at a market stall and on top of a parking meter in a series of data breaches by Solent NHS Trust.
A Freedom of Information (FOI) request by the BBC revealed the trust had breached data protection 93 times in the past two years.
Expect a MPN? Norwood Ravenswood Ltd were stung for £70K when highly sensitive information about the care of four young children was lost after being left outside a London home.
C
Dr. C. N. M. Pounder
Director: Amberhawk Training Limited
Phone: 0845 680 2623 or Mob: 07735 365 585
Website: Amberhawk - www.amberhawk.com<http://www.amberhawk.com>
Blog: Hawktalk - http://amberhawk.typepad.com
[cid:image003.jpg@01CDB80D.A8DAF560]
________________________________
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
* Leaving this list: send leave data-protection to [log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
* Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
* To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
* To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]<mailto:[log in to unmask]>
Any queries about sending or receiving messages please send to the list owner [log in to unmask]<mailto:[log in to unmask]>
(Please send all commands to [log in to unmask]<mailto:[log in to unmask]> not the list or the moderators, and all requests for technical help to [log in to unmask]<mailto:[log in to unmask]>, the general office helpline)
________________________________
Buckinghamshire County Council
Visit our Web Site : http://www.buckscc.gov.uk Buckinghamshire County Council Email Disclaimer
This Email, and any attachments, may contain Protected or Restricted information and is intended solely for the individual to whom it is addressed. It may contain sensitive or protectively marked material and should be handled accordingly. If this Email has been misdirected, please notify the author or [log in to unmask] immediately. If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained in it or attached, and all copies must be deleted immediately. Whilst we take reasonable steps to try to identify any software viruses, any attachments to this Email may nevertheless contain viruses which our anti-virus software has failed to identify. You should therefore carry out your own anti-virus checks before opening any documents.
Buckinghamshire County Council will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this email.
All GCSx traffic may be subject to recording and / or monitoring in accordance with relevant legislation.
The views expressed in this email are not necessarily those of Buckinghamshire County Council unless explicitly stated.
This footnote also confirms that this email has been swept for content and for the presence of computer viruses.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
________________________________
Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|