Categories
Backup and Storage

ICO urges organisations to step up data protection

The Nursing and Midwifery Council has been fined £150,000 for breaching the Data Protection Act.

The Information Commissioner’s Office (ICO) has urged companies to consider their document storage measures in the wake of a serious data protection breach.

With the big data explosion, many groups, both public and private, have found that data is a high-value commodity and as such it should be protected appropriately and within the framework of the law.

According to the ICO, the Nursing and Midwifery Council was fined with £150,000 for breaching the Data Protection Act.

The council misplaced three DVDs, which contained the confidential personal information and evidence from two vulnerable children. A subsequent ICO investigation found the information contained on the discs was not encrypted.

David Smith, deputy commissioner and director of data protection, said: "It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again."

"While many organisations are aware of the need to keep sensitive paper records secure, they forget that personal data comes in many forms, including audio and video images, all of which must be adequately protected."

He said that in the immediate future, organisations should devote the necessary resources to ensuring that their policy on data is stringent enough to prevent mishaps like this occurring – even in the event of human error.

Mr Smith told groups to ask themselves whether their data protection policy is flexible enough to cover all variants of data and whether the procedures are followed in every individual case, as just one breach can result in a heavy fine.
                                                                                                                      
As well as the monetary penalty, a data breach has significant public trust implications and can have long-lasting problems for those involved.

The ICO said that although the Nursing and Midwifery Council was aware of its data protection responsibilities, it did not apply them to the DVDs, as its existing policy did not cover the format.