Oh no! and another one

That-paper-which-now-looks-really-heavyweight-in-comparison-to-all -the-freebie-showbiz-gossip-rags reports tonight that the personal details of 160,000 children have been lost at a London hospital in a fresh blunder over confidential information.

A computer disc containing the data was sent to St Leonard’s Hospital in Hackney but failed to reach the right department - even though it was signed for by hospital staff. The disc contained the names, dates of birth and addresses of 160,000 children and there were fears the information could be enough for criminals to create fake identities. The blunder occurred when the disc was sent by courier to the Hackney hospital by BT, which operates the NHS’s IT system, on 14 November. It is believed the courier company used by BT did not check that it was signed for by the correct person and the disc never reached its intended destination in the IT department.

A spokeswoman for City and Hackney Primary Care Trust, which runs St Leonard’s Hospital, said “BT couriered a fully encrypted disc containing patient information to City and Hackney PCT. “It was not received by the named recipient, and attempts by the PCT to find the disc have so far failed. All deliveries of personal information have been suspended in light of the breach.” BT today called for parents to remain calm over the latest incident. A spokesman said: “Patients should not be concerned because BT uses the highest levels of security to safeguard the data in its care.

[Er… short of making sure that it or its representatives only hands over the data to the person who is supposed to receive it?]

“All NHS data sent by disc is fully encrypted to industry standards. We apply stringent controls in managing the complex encryption pass phrases necessary for unlocking the data. In this instance the encryption pass phrase would only have been released after one of two named individuals confirmed receipt. This was not confirmed so the encryption pass phrase has not been issued.

Ah… we can relax then. (Though the Standard worries that even 256-bit encryption has recently been shown by researchers to be crackable in two weeks...)

All this attention on missing data is not unhelpful in drawing ordinary people’s attention to a) the volume and frequency of personal data transfers and b) the potential value of their personal data. That’s not a bad thing - probably more effective than a fancy public service advertising campaign. Ruth Carnall, chief executive of NHS London, has asked for an independent review of all NHS data transfer in London. WIBBI all these emergency reviews encompassed a really citizen-centric cost-benefit analysis of centralised data systems.

Published by Ruth Kennedy on 13/12/07 at 5:48pm

Comments

Ahem. Yes, yet another “isolated incident”. They seem to be about as isolated as copies of free newspapers on the evening tube.

Reply by on 12/14/07 at 12:17 am

Next entry: Screw it up , then review it

Previous entry: Privacy impact assemssments are Go!

Ideal Government

Let's say what we want from e-enabled government. Let's observe government first-hand. Let's say "Wouldn't It Be Better If" (WIBBI). Become an ethnographer of bureaucracy today! It beats getting frustrated with public services.

Comment

Anyone is free to comment. Or mail with an article if you want to be an author. I'll post it up and send you a password. This whole thing is supported by Kable.

Authors

Member List

Sign up for new articles

Oh no! and another one

Comments

Ideal Government

Categories

Comment

Authors

Sign up for new articles

Copyright

Designed by...

Statistics

Oh no! and another one

Comments

Ideal Government

Categories

Comment

Sponsor

Authors

Sign up for new articles

Copyright

Designed by...

Statistics