The search for a responsible supplier choice after NHS £200k fine for data breach

26 Jul 2013

The importance of using a professional information destruction supplier was reinforced last week as it was revealed that the Information Commissioner’s Office (ICO) is to levy a £200,000 fine against the NHS after computers containing patient records were sold on eBay.

The breach, which the ICO deems “one of the most serious” it has ever witnessed, came after the now-dissolved NHS Surrey moved away from an approved information destruction contractor and handed over old computers to a new service provider, without ensuring that the thousands of patient records that the computers contained had been deleted.

Adam Chandler, newly-elected Chairman of the British Security Industry Association’s dedicated Information Destruction Section, believes that this latest development should be a wake-up call for the healthcare sector at large, a fact supported by BSIA research.

Adam says: “Just five months ago, the BSIA issued a stark warning to the healthcare sector, after research commissioned by the Association revealed that a staggering one in four healthcare professionals were aware of a recent data breach within their organisation.

“In this particular case, the NHS Trust in question chose to move away from an accredited supplier, and failed to set minimum standards for delivery of the contract, or carry out the necessary due diligence on their new supplier. This resulted in thousands of patient records effectively ending up in the public domain and serves to reinforce the important role played by professional information destruction companies in keeping our personal and private details safe.”

Stephen Eckersley, the ICO’s Head of Enforcement, said of the decision: “This breach is one of the most serious the ICO has witnessed and the penalty reflects the disturbing circumstances of the case. We should not have to tell organisations to think twice before outsourcing vital services to companies who offer to work for free.”

This lack of understanding among many customers was demonstrated in research carried out in 2011 by the BSIA – the trade body representing the UK’s private security industry – which revealed that in many cases, even those companies who had taken the responsible step to outsource their data disposal still did not know whether their provider complied with the European Standard, EN15713.

Adam Chandler explains: “Compliance to EN15713 should be a basic requirement of any information destruction contract, as it sets minimum standards for the transportation, storage and destruction of sensitive information.

“Even if companies claim to deliver a service at a reduced cost, organisations must remember that the financial cost of data losses can more than outweigh any savings they may make by choosing a less scrupulous supplier. The Information Commissioner’s Office can issue penalty fines of up to £500,000 for the most severe data breach, and each individual record lost costs UK organisations an average of £71[1].”

Members of the BSIA’s Information Destruction Section securely destroy a range of confidential information, including paper, DVDs and computer hard-drives. Section members also destroy items that could potentially cause problems if they fall into the wrong hands, such as branded products and uniforms, and already have extensive experience of supplying data destruction solutions to a wide range of customers, including the healthcare sector.

Adam Chandler adds: “The commitment of BSIA members to best practice enables us to help our customers at a time when their businesses are most at risk from fraud. Almost any kind of personal information is valuable to criminals, whether it is residents’ records, financial reports, payroll information or personnel data. The unlawful use of such information contributes to an explosion of identity theft crimes, which allows criminals to obtain goods, credit or services in someone else’s name and could put the institution, customers, or even suppliers, at risk, as the NHS Surrey case clearly demonstrates.”

For more information about the BSIA and its Information Destruction Section – or to locate a reputable supplier near you – visit www.bsia.co.uk/information-destruction


[1] UK study sponsored by data protection firm, PGP Corporation, in 2010
