The Information Commissioner’s Office in Ireland fined the Belfast Health and Social Care Trust £225,000 for leaving paper documents, some of which included patient records, in a disused hospital. The fine was the second largest ever issued by the ICO.
Belfast’s Belvoir Park Hospital was shut down in 2006 but trespassers gained entrance on several occasions, despite security guards patrolling the site and CCTV cameras being installed on the premises. The illegal entrants photographed patient records that had been left behind and subsequently posted them on the Internet.
According to an Information Age article, the Trust was unaware of the security breach until 2010, when they were alerted by the media. They increased security and launched an investigation that found several thousand patient X-ray images, medical records and employee pay slips – some dated as far back as the 1950s.
The ICO said the fine was issued because the Trust didn’t take significant precautions to ensure protection of sensitive, personal data.
“The Trust failed to take appropriate action to keep the information secure, leaving sensitive information at a hospital site that was clearly no longer fit for purpose,” said Ken Macdonald, the ICO’s Assistant Commissioner for Northern Ireland, in a statement. “The people involved would also have suffered additional distress as a result of the posting of this data on the Internet.”
In addition to sensitive information being exposed, the ICO also factored in that the Trust did not immediately alert them in a timely manner that a breach had occurred. However, if the Trust pays the fine by July 16, it will only have to pay £180,000 as its penalty.
When businesses and organizations don’t instill proper security protocols with private information, they risk not only customer information being exposed, but also their own reputations. Toronto-based firms would be wise to pair with a document disposal service, to ensure that any leftover records do not fall into the wrong hands.
Powered by Facebook Comments