JISCMail - DATA-PROTECTION Archives

Simon,
I see your point in that the NHS does receive a lot of attention from the ICO.  I would add the context is very important to these press releases and the wider regulatory framework that they exist within. On the one had NHS have avoided fines (so far).

I think that the ICO focus on the NHS, is, in part, part of a wider regulatory strategy to increase the temperature in the DP pool.  The more these breaches are mentioned, the more it shows the regulatory framework has changed.  The threat of a fine since 1 April 2009 began to increase the temperature.   With the first fine, the temperature went up dramatically.  Organisations that may have risked assessed the possibility of an ICO enforcement as low are now likely to be rethinking their approach and ramping up their work on DP.

The other point to bear in mind is that the NHS is unique in that most of (if not all) of its work involves sensitive personal information.  Unlike a council, which may have a smaller subset of sensitive personal information, the NHS is likely to have a smaller subset of information that is *not sensitive* personal information.  Therein lies the NHS's eternal challenge because the smallest mistake has immediate consequences.


Best,

Lawrence




From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 04 July 2011 11:56
To: [log in to unmask]
Subject: Re: [data-protection] NHS Undertakings

This sort of thing from our illustrious enforcer makes me angry.

The NHS is a HUGE organization, and in the context of the number of "accesses" it makes in a day in dealing with patient information the NHS as a whole is actually pretty good.

The other thing, that I repeat so often, is that the NHS is the only organization MANDATED to report all information losses which means that it appears far worse than it is because a lot of public organizations don't inform anyone when there is a breach below a certain level.

The NHS is one of the ICOs "easy targets" and whilst the NHS is by no means perfect I know for a fact that there are public bodies out there whose information management processes would make your toes curl.

Simon Howarth.


From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Baines, Jonathan
Sent: 01 July 2011 10:27
To: [log in to unmask]
Subject: [data-protection] NHS Undertakings

The ICO has issued five new undertakings to NHS trusts following breaches of the DPA, and issued a statement saying "The health service needs to do more to keep patients' personal information secure".

Still no s55 fine for NHS though: http://www.ico.gov.uk/~/media/documents/pressreleases/2011/nhs_data_breaches_news_release_20110701.pdf

Jonathan Baines
Legal and Democratic Services
Buckinghamshire County Council
01296 383681





Buckinghamshire County Council

Visit our Web Site : http://www.buckscc.gov.uk

Buckinghamshire County Council Email Disclaimer
This Email, and any attachments, may contain Protected or Restricted information and is intended solely for the individual to whom it is addressed. It may contain sensitive or protectively marked material and should be handled accordingly. If this Email has been misdirected, please notify the author or [log in to unmask] immediately. If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained in it or attached, and all copies must be deleted immediately. Whilst we take reasonable steps to try to identify any software viruses, any attachments to this Email may nevertheless contain viruses which our anti-virus software has failed to identify. You should therefore carry out your own anti-virus checks before opening any documents. Buckinghamshire County Council will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this e-mail. All GCSx traffic may be subject to recording and / or monitoring in accordance with relevant legislation.



The views expressed in this email are not necessarily those of Buckinghamshire County Council unless explicitly stated.



This footnote also confirms that this email has been swept for content and for the presence of computer viruses.





________________________________

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

 *   Leaving this list: send leave data-protection to [log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
 *   Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
 *   To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
 *   To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]<mailto:[log in to unmask]>

Any queries about sending or receiving messages please send to the list owner [log in to unmask]<mailto:[log in to unmask]>

(Please send all commands to [log in to unmask]<mailto:[log in to unmask]> not the list or the moderators, and all requests for technical help to [log in to unmask]<mailto:[log in to unmask]>, the general office helpline)

________________________________
________________________________

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

 *   Leaving this list: send leave data-protection to [log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
 *   Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
 *   To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
 *   To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]<mailto:[log in to unmask]>

Any queries about sending or receiving messages please send to the list owner [log in to unmask]<mailto:[log in to unmask]>

(Please send all commands to [log in to unmask]<mailto:[log in to unmask]> not the list or the moderators, and all requests for technical help to [log in to unmask]<mailto:[log in to unmask]>, the general office helpline)

________________________________

________________________________

Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^