Laptop Encryption Software: NHS Birmingham Issuing Security Alert.

The theft of three laptops has prompted Birmingham NHS to issue notification letters to more than 7,000 patients.  It has been confirmed that none of the computers were making use of hard drive encryption software.

One of the computers was stolen from a car.  Another was stolen during a mugging (second such instance I have read of).  There is no mention of how the third one was lost.

All three computers were owned by Trulife, a surgical firm whose services were used by various hospitals, including Birmingham Children’s and City, Sandwell and Rowley Regis. The former saw approximately 3,500 patients affected, while the latter had over 3,600 patients affected.

Letters of apology are being sent out from Trulife explaining the situation.  I can’t help but notice that the UK seems to approach the issue of data breaches differently from the US.

In the US, it’s generally the original holder of the data that is deemed responsible.  That is, if the above data breach had occurred on this side of the Atlantic, it would have been the hospitals sending out the letter, possibly mentioning that an outside firm had experienced the data breach.

The use of data security products, such as encryption software, would have meant that such a fiasco could have been avoided.  Indeed, that’s the reason why anyone would use data encryption at all.

Actually, let me rephrase that.  The fiasco I’m referring to is the possibility of sensitive data falling into the wrong hands.  Obviously, the use of encryption couldn’t have prevented the burglary itself, nor the mugging (otherwise, I bet the industry wouldn’t have any problems selling this stuff–not that they’re doing badly).

Likewise, if I’m not wrong, under UK regulations, the affected hospitals would still have to announce the breaches, since sensitive data has been stolen.  But, they would get to mention that the data is unlikely to fall into the hands of criminals.

The Information Commissioner’s Office would get involved only minimally, and affected patients (and their parents) probably would let the issue slide. Ever since the UK government lost those two CDs, with sensitive information on nearly half the country’s population, the UK public seems to understand the benefits of encryption.
