Lost or stolen: dozens of NHS and council computers with personal data

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://news.stv.tv/scotland/194476-lost-or-stolen-dozens-of-computers-with-personal-data/

Scores of computers, USB sticks and mobile phones were lost by
Scotland's public bodies in just a few months - including many
containing unencrypted personal information.

The figures, released on Sunday, reveal that one council - the West
Lothian authority - had 20 laptops stolen between February and July
this year.

A laptop stolen from one health board, NHS Ayrshire and Arran,
included information on more than 100 individuals in a needle exchange
programme.

While that information was encrypted, the figures reveal that much of
the data lost was not. That included files on 56 patients and 107
staff at NHS Forth Valley and 10 client reports on a USB stick lost by
Renfrewshire Council in June.

They also show that only a small proportion of the dozens of items
lost or stolen have been recovered.

West Dunbartonshire Council said it had lost 60 computers from schools
and six USB sticks between December 2009 and April this year.

The figures were collated by the Liberal Democrats, which said the
public would be "rightly worried" by the amount of data lost.

The party's justice spokesman, Robert Brown, said: "These are
frightening figures. Central government, local councils, NHS boards
and the police hold a great deal of information on all of us. Our data
is in their hands and we need to know they are taking this
responsibility seriously.

"Liberal Democrats called for an urgent review into data loss in
January. I want to know what the government have done since then and
why the situation has not improved.

"The government is not in control of the situation. They need to get a
grip on this right now."

Since December, Greater Glasgow and Clyde NHS Board has reported eight
laptops, six hard drives, three PCs, two tablet computers, a ThinkPad,
a monitor and a projector as stolen.

Two of the laptops were taken from the paediatrics department at
Yorkhill in March and a PC was stolen from the X-ray viewing room at
the Western Infirmary in April.

Meanwhile, in Edinburgh, unencrypted personal data about 10
individuals was lost when five laptops were stolen from a children and
families establishment.

In total, 60 PCs, six laptops and 11 USB sticks were lost while 14
PCs, 50 laptops, 7 computer hard drives and four mobile phones were
stolen.

A Scottish Government spokesman said: "We take data security very
seriously indeed and have set robust standards for the storage and
transmission of data. The people of Scotland quite rightly expect
nothing less.

"We expect the same high standards of public sector bodies. However,
it remains the responsibility of individual police forces, local
authorities and health boards to ensure that personal or sensitive
information is stored securely."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php