- Security TWENTY
- Women in Security
A Welsh home care provider has been found in breach of the Data Protection Act after the files of ten vulnerable and elderly people were found on a street in Neath Port Talbot.
The papers covered care plans and included sensitive information relating to their health. The data protection watchdog the Information Commissioner’s Office (ICO) found that Neath Care failed to provide their staff with guidance explaining how sensitive personal information should be handled and kept secure when taken outside the office. A lack of basic monitoring also meant that the provider only became aware that the papers were missing when the matter was reported to them by a member of the public.
ICO Assistant Commissioner for Wales, Anne Jones, said: “Nobody expects to find their sensitive personal information lying on the pavement. Taking this type of information outside of the office is an inherent part of running a home care provider. But, the fact that Neath Care did not account for this fact by providing their staff with guidance on how to handle information in this setting, is alarming.
“The provider must now improve their practices in order to protect the vulnerable people they serve. This will include introducing new guidance and training for their staff to make sure people’s information is kept secure and introduce a procedure for keeping a track of when personal information is taken off site.”
For the Neath-based firm’s undertaking under the Data Protection Act 1998 visit the ICO website.
Meanwhile the ICO has given a snapshot of organisations providing secondary health care and how they are complying with the Data Protection Act.
The Cheshire-based watchdog’s report summarises 19 audits carried out primarily with NHS Trusts by the ICO. The audits looked at how personal data is handled by the organisation, and fit alongside NHS information governance guidelines. The organisations voluntarily agreed to work with the ICO to identify good practice and, where necessary, improve procedures.
Topics included training and records management – including in case of flood and fire, which requires business continuity plans – and data sharing.
All the organisations had a system in place to track health records, though some did not conduct audits for missing files. The physical security of records also varied, with concern raised particularly around unlocked trollies used for moving files.
Claire Chadwick, ICO Team Manager in the Good Practice team, said: “Information about a person’s health tends to be one of the most sensitive types of personal data, and it is clear it must be properly handled. Our experiences in these audits suggested that tended to be the case. Only one of the audits suggested a substantial risk of non-compliance with the law, while more than half gave reasonable assurance the law was being complied with.
“By paying attention to this report, more organisations in this sector can ensure they are handling personal information properly. This report is an opportunity to review and improve practices and procedures based on our experiences.”
ICO audits are a free service to provide larger organisations with an assessment of whether they are following good data protection practice.
For the report in full visit – http://ico.org.uk/news/latest_news/2014/~/media/documents/library/Data_Protection/Research_and_reports/outcomes_report_health.pdf