| As shown in the eWeek article, an NHS worker in the secure mental health unit of a Scottish
hospital has been suspended, after losing a USB stick containing
patients’ medical records.
According to local newspaper reports, the USB stick contained
unencrypted sensitive information – including the criminal histories of
some violent patients at the Tryst Park unit at Bellsdyke psychiatric
hospital. It was found by a 12-year-old boy in the car park of an Asda
supermarket in nearby Stenhousemuir.
Imagine what a creative 12-year-old boy could do with this information? Wonder what would have happened if the boy had not turned it in?
Data fines are not enough to reinforce to public sector institutions that trust and consumer faith in their abilities includes the ability to keep our information private and secure. Having a privacy audit scheme that is mandatory for all public sector institutions is one way to instill the correct attitude towards consumer privacy rights.
As many private sector firms do not allow workers to leave the office with USB keys, is this not a good policy for public sector institutions? Outbound e-mails can be checked as to what attachments are being sent out, but physical media such as USB sticks are not easily audited.
Stakeholders here are not just the general public, but the government as well. Faith in governmental institutions is impacted when any of them are implicated in privacy data loss.