BreachExchange mailing list archives
Lost or stolen: dozens of NHS and council computers with personal data
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sun, 29 Aug 2010 21:30:24 -0400
http://news.stv.tv/scotland/194476-lost-or-stolen-dozens-of-computers-with-personal-data/ Scores of computers, USB sticks and mobile phones were lost by Scotland's public bodies in just a few months - including many containing unencrypted personal information. The figures, released on Sunday, reveal that one council - the West Lothian authority - had 20 laptops stolen between February and July this year. A laptop stolen from one health board, NHS Ayrshire and Arran, included information on more than 100 individuals in a needle exchange programme. While that information was encrypted, the figures reveal that much of the data lost was not. That included files on 56 patients and 107 staff at NHS Forth Valley and 10 client reports on a USB stick lost by Renfrewshire Council in June. They also show that only a small proportion of the dozens of items lost or stolen have been recovered. West Dunbartonshire Council said it had lost 60 computers from schools and six USB sticks between December 2009 and April this year. The figures were collated by the Liberal Democrats, which said the public would be "rightly worried" by the amount of data lost. The party's justice spokesman, Robert Brown, said: "These are frightening figures. Central government, local councils, NHS boards and the police hold a great deal of information on all of us. Our data is in their hands and we need to know they are taking this responsibility seriously. "Liberal Democrats called for an urgent review into data loss in January. I want to know what the government have done since then and why the situation has not improved. "The government is not in control of the situation. They need to get a grip on this right now." Since December, Greater Glasgow and Clyde NHS Board has reported eight laptops, six hard drives, three PCs, two tablet computers, a ThinkPad, a monitor and a projector as stolen. Two of the laptops were taken from the paediatrics department at Yorkhill in March and a PC was stolen from the X-ray viewing room at the Western Infirmary in April. Meanwhile, in Edinburgh, unencrypted personal data about 10 individuals was lost when five laptops were stolen from a children and families establishment. In total, 60 PCs, six laptops and 11 USB sticks were lost while 14 PCs, 50 laptops, 7 computer hard drives and four mobile phones were stolen. A Scottish Government spokesman said: "We take data security very seriously indeed and have set robust standards for the storage and transmission of data. The people of Scotland quite rightly expect nothing less. "We expect the same high standards of public sector bodies. However, it remains the responsibility of individual police forces, local authorities and health boards to ensure that personal or sensitive information is stored securely." _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Lost or stolen: dozens of NHS and council computers with personal data Jake Kouns (Aug 29)