Lawrence General Hospital in Massachusetts has sent notification letters to 2,071 patients after a thumb drive with patient information was lost. The notification was made August 7, almost two months after the hospital discovered that the drive was missing from a secured hospital laboratory. The drive had been last seen on June 6, and was discovered missing…
Category: Lost or Missing
TX: IRS employee loses flash drive with 11,000 Katy Independent School District employees’ SSN
Sofia Ojeda reports: More than 11,000 workers’ personal information, including birth dates, addresses, and Social Security numbers were potentially leaked during a random IRS audit. […] In an email to Katy ISD employees obtained by KPRC 2, Katy ISD Superintendent Alton Frailey explained the security breach. He said that Wednesday, the IRS conducted a random…
Privacy breach no more: Eastern Health finds missing USB in file folder
CBC News reports: Eastern Health says it’s found the missing USB flash drive containing thousands of employees’ personal information — it was in a file folder in the Human Resources department the whole time. The health authority reported a privacy breach June 19 when a drive containing sensitive information of 9,000 employees went missing. Read…
UK: Brunel University London signs undertaking to provide staff training in data protection
Brunel University London agreed to sign an undertaking with the Information Commissioner’s Office (ICO) after an incident involving the loss of 10 boxes with seven personnel files and 61 Transfer of Undertakings (Protection of Employment) [TUPE] files. According to the undertaking, the incident occurred following an office renovation to remove asbestos. Brunel University London staff members…
UK: ICO issues £180,000 civil monetary penalty in wake of data breaches
The Information Commissioner’s Office (ICO) has issued civil monetary penalty (CMP) of £180,000 to the Money Shop in the wake of two incidents in 2014 that led to a fuller investigation of the Money Shop’s data protection policies and procedures. As described in the notice, on April 16, 2014, a Money Shop store in Lurgan, Northern Ireland was…
UK: Doncaster Metropolitan Borough Council undertaking
Here’s yet another case where an investigation of a breach resulted in the ICO discovering that an entity was not providing data protection training and re-training often enough. On October 10, 2014, the Information Commissioner (ICO) was informed that Doncaster Metropolitan Borough Council had lost a file containing 66 records of families requiring Health services. There is no…