The Privacy Commissioner for Personal Data’s investigation has found the United Christian Hospital has contravened the Personal Data (Privacy) Ordinance in the loss of a USB flash drive containing patients’ personal data.
Releasing the report today, Commissioner Roderick Woo said before using a USB device, hospital staff should first consider whether there is a real need to use it or whether there is any other effective substitute, and assess the potential risk of using it.
“In this case, the medical staff could in fact substitute intranet for USB, which could minimise the risk and impact of losing patients’ personal data. When transmitting data by electronic means, the issue of security should also be assessed appropriately.”
Read more on news.gov.hk. A summary of the investigation on this incident can be found here, and the report itself can be found here.