BreachExchange mailing list archives
Health trust fined £175k for publishing 1,300 employees' sensitive data online
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 13 Sep 2012 02:52:12 -0400
http://www.wsandb.co.uk/wsb/news/2204909/health-trust-fined-gbp175k-for-publishing-1-300-employee-s-sensitive-data-online

A health trust has been fined £175,000 by the Information Commissioner’s Office for publishing the personal details of 1,373 staff members on its website.

The data covered the equality and diversity responses of the workers and included names, dates of birth, National Insurance numbers and other sensitive information about the person's religion and sexuality.

Torbay Care Trust uploaded a spreadsheet on its website in April and only rectified the mistake when it was reported by a member of the public 19 weeks later.

The Trust has now introduced a new web management policy to make sure personal data is not mistakenly published on their website in the future following an ICO investigation which found that the Trust had no guidance for staff on what information shouldn't be published online and had inadequate checks in place to identify potential problems.

ICO head of enforcement Stephen Eckersley said: "We regularly speak with organisations across the health service to remind them of the need to look after people's data.

"The fact that this breach was caused by Torbay Care Trust publishing sensitive information about their staff is extremely troubling and was entirely avoidable. Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud.

"While organisations can publish equality and diversity information about staff in an aggregated form, there is no justification for unnecessarily releasing their personal information. We are pleased that the Trust is now taking action to keep their employees' details secure," he added.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/