News

2,500 NHS data breaches recorded each year

Date: 2014-12-09

An investigation carried out by a privacy campaign group has revealed that The National Health Service (NHS) has encountered close to 2,500 confidentiality breaches each year including cases involving private data being stolen, information sent by post or fax and inappropriate posting on social media. 

The investigation, carried out by privacy campaign group Big Brother Watch asked NHS trusts for any breaches of personal data revealing that 7,255 incidents were recorded between April 2011 and April 2014.

Other findings from the investigation included 50 cases of data being posted on social media, 103 cases of data being lost or stolen, 251 cases of data being inappropriately shared with a third party and 236 cases of data being shared by email, letter or fax. The breaches resulted in 61 resignations. 

The organisation described the mistakes as "unacceptable". 

Jonathan Richardson, Managing director at Russell Richardson commented: “Far too often data breaches that could have been easily avoided result in substantial fines and damage to an organisations reputation. Certainly some of the cases reported in the NHS investigation could have been prevented by simply using a reputable company to deal with any confidential data destruction.”

One breach resulted in NHS Surrey being fined £200,000 by data regulators after a second-hand NHS computer found to still contain thousands of patient’s records was auctioned on eBay.

Regulators said NHS Surrey failed to check that a data destruction company had properly disposed of the records. A further three computers that had been sold on eBay still contained sensitive data.

"NHS Surrey chose to leave an approved provider and handed over thousands of patients' details to a company without checking that the information had been securely deleted," ICO head of enforcement Stephen Eckersley said in a statement.

With over 30 years’ experience, Russell Richardson are experts in secure data destruction. Services include confidential document shredding and recycling and also secure corporate IT, mobile device and WEEE recycling solutions.