Here’s another UK breach that we didn’t hear about at the time and only learned about because the entity had to sign an undertaking with the ICO: An undertaking to comply with the seventh principle of the DPA has been signed by Alan M Casson & Associates, after two unencrypted laptops and back up media had…
Category: Health Data
Follow-up to a UK breach: Godalming College signs an undertaking
A follow-up to a breach reported back in April involving Godalming College e-mailing sensitive medical details on 300 students to an entire year group: the college has now signed an undertaking with the ICO to improve its data protection practices. The undertaking provides a bit more detail on how the breach occurred: The Information Commissioner…
CO: Judge lets identity-stealing nurse off with probation
As a follow-up to a breach reported previously on this blog…. Monte Whaley reports: A 31-year-old nurse police say stole the identities of hospital patients in Adams County was sentenced today to six years probation despite a request for prison time. Cannon Tubb in June was charged with multiple counts of identity theft and theft…
Alberta pharmacist fined $15K for snooping through health files
The Canadian Press reports: A former Edmonton pharmacist has been fined $15,000 after admitting she snooped through the health files of several people. The office of the privacy commissioner says Marianne Songgadan was charged after the office received a complaint from a woman in August 2010. The woman said the pharmacist had used Alberta’s electronic…
First-Hand Experience with a Patient Data Security Breach
Micky Tripathi, President and CEO of Massachusetts eHealth Collaborative provides yeoman service by dissecting a security breach they experienced earlier this year. For my money, every entity dealing with patient data should read this piece. If you’ve been through it yourself, you’ll be nodding your heads in empathy, and if you haven’t, well, it may…
UK: Powys County Council fined £130,000 for disclosing child protection case details
From the Information Commissioner’s Office: The Information Commissioner’s Office (ICO) has today served a monetary penalty of £130,000 to Powys County Council for a serious breach of the Data Protection Act where the details of a child protection case were sent to the wrong recipient. The penalty is the highest that the ICO has served since it…