DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: ICO announces two undertakings following theft of sensitive personal data

Posted on July 15, 2015 by Dissent

The Information Commissioner’s Office announced two undertakings today.

The first, involving Western Health & Social Care Trust follows two incidents. One incident concerned the theft of two computers from Trust premises during a burglary on October 8, 2013.  The computer contained sensitive personal data relating to the provision of specialist mental health services by a retired employee. Although investigation determined that the information had been deleted from the desktop, there was a risk it could still be retrieved from the hard drive. So there was unencrypted information that could have: (1) been stored offline, and (2) the Trust could have more securely deleted the sensitive information. 1

The second incident was reported to the ICO in June 2014 after photocopied medical records disclosed to an individual in response to a subject access request (SAR) contained information about two other patients.

You can read the Western Health & Social Care Trust undertaking here (pdf).

The ICO also announced an undertaking had been signed by Rochdale Borough Council. The ICO had been contacted by a member of the public that the individual had found social care papers in a public place. The paper files had been held in a cotton bag and had been stolen from the boot of a social worker’s car between the evening of 5 January and the morning of 6 January 2014. The papers contained personal data relating to 86 individuals. Sensitive personal data, including health, mental health, and sexual offence data was included in the files of 29 of those individuals. On investigation, the ICO determined that the social care worker had violated policy by removing too much information from the office, and, also importantly, had never received data protection training, despite having worked for the council for 18 months by the time of the incident.

You can read the Rochdale Borough Council undertaking here (pdf).

Related posts:

  • UK: ICO finds three councils in breach of Data Protection Act
  • UK: Five councils, a youth charity, and a healthcare provider sign undertakings following data breaches
  • Pysa shuttered its leak site before it ever dumped data from more than half a dozen schools. Here’s what we know so far.
  • UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost
Category: Government SectorHealth DataNon-U.S.Theft

Post navigation

← More than 70 targeted in global takedown of hacker forum Darkode
LA: Customers at Houma buffet victims of $20,000 in credit card fraud →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.