BreachExchange mailing list archives
Widespread data-snooping revealed in Yorkshire’s public sector
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Fri, 14 Jan 2011 02:16:17 -0500
http://www.computerworlduk.com/news/security/3256455/widespread-data-snooping-revealed-in-yorkshires-public-sector/ Criminal records and private medical information accessed inappropriately Newly-released disciplinary records for police forces, NHS trusts and local councils in Yorkshire have revealed that data protection breaches have been widespread in the region over the past few years. An investigation by regional paper Yorkshire Post has discovered cases where public sector workers have been reprimanded for offences ranging from running inappropriate criminal record checks on family members, to looking up private medical test results. Most data protection breaches took place at Yorkshire’s four police forces, Humberside Police, North Yorkshire Police, South Yorkshire Police and West Yorkshire police. Microsoft cloud data breach heralds shape of things to come Information Commissioner hands out first data breach fines ICO: Business lags public sector in data protection awareness At Humberside, a total 31 members of staff had been disciplined over the past few years for inappropriately accessing data, with one employee being dismissed. Cases included one CID officer who ran a criminal record check on his nephew, an incident resolution officer who looked up information on their step-daughter’s new boyfriend, and a traffic officer who checked his mother’s neighbour’s criminal records after his mother was burgled. This is despite the force having a “dedicated team of experienced individuals” who focus on maintaining the “integrity and security” of its databases, according to Humberside’s head of professional standards, superintendent Ray Higgins. Over the past three years, North Yorkshire Police said it had reprimanded staff and officers over 39 cases. “The use of restricted force data systems and email is monitored. This enables the force to identify any non-compliance and to investigate any suspected transgressions,” Assistant Chief Constable Sue Cross at North Yorkshire told the Yorkshire Post. “A full range of sanctions are available to deal with the relatively small number of individuals who breach force policies, including verbal advice, written warnings, formal reprimands and, in the most serious cases, dismissal.” Furthermore, South Yorkshire Police reported 48 cases of data protection breaches since 2005, while West Yorkshire had 22 cases of inappropriate access of data and 26 cases of police staff conducting unspecified ‘misuse of computer offences’. West Yorkshire was also forced to send written warnings in November to around 70 staff members who looked up the criminal records of a TV talent show contest contestant following the appearance of allegations about her in the tabloids. Meanwhile, data protection breaches also occurred in nine of Yorkshire’s NHS trusts, including Wakefield, Barnsley, Rotherham and Doncaster. At Doncaster and Bassetlaw Hospitals NHS Trust, a nurse was dismissed, but then reinstated on appeal, after she accessed private medical test results of her daughter’s father. A clerk was also given a written warning after looking up her brother’s test results. A spokesperson for the trust told Yorkshire Post: "We take data security very seriously and have a number of means of ensuring that patients' personal data is not accessed inappropriately. All six cases of inappropriate access to medical records related to an individual's colleague, partner, or relative – and while this is inexcusable, it does not indicate misuse of the millions of patient records we hold." However, a receptionist at a hospital in Sheffield was also caught collating patients’ personal contact records and using them for market research in her second job. In seven of Yorkshire’s 22 councils, staff were disciplined for accessing private data on members of the public, including two at Wakefield Council who looked up information on family members. Meanwhile, at Rotherham Borough Council, an audit and finance officer resigned after being caught accessing the records of 72 neighbours to satisfy their “personal curiosity”. A spokesperson for the Information Commissioner’s Office (ICO) said: “As with many organisations that hold a significant amount of personal data, we have regular contact with a range of public authorities regarding allegations of staff inappropriately accessing records. "The usual and most appropriate outcome in these cases is disciplinary action taken by the employer. However, where that employee is accessing records for personal gain, such as selling the data on to third parties, the ICO may open a criminal investigation.” _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Widespread data-snooping revealed in Yorkshire’s public sector Jake Kouns (Jan 15)