Data security
of the regulations, and can serve to exacerbate any sanctions that follow. While the individual designated as the data controller may have reviewed the disposal process, and appointed a contractor in good faith, it is this individual that takes the ultimate personal responsibility for any failures, and who will be called upon to demonstrate that they have performed proficiently under their ‘duty of care’.
Record sanctions
There have been many high profile examples of public sector organisations failing in their obligations to safeguard personal data under the Data Protection Act 1998. Last year, for example, a Scottish council was fined £250,000 after sensitive documents were found in a supermarket waste bin; the council was told by the Scottish ICO that it had ‘taken its eye off the ball’ when outsourcing disposal services.
Much is made of the instances where data stored on, say, a memory stick or other portable storage device is carelessly left in a public place. However, it is notable that last year’s record fine – £325,000, later settled at £260,000 – was levied on an NHS Trust following its failure to ensure the secure end-of-life disposal of over 250 redundant hard disks. These disks, entrusted to an external contractor, contained very detailed personal information on over 67,000 patients – and they ended up on eBay.
NHS under scrutiny
The NHS is particularly in the spotlight when it comes to protection of sensitive data, not least because of the sheer volume of such data in its charge, which has led to its ‘performance’ in this area becoming a primary focus of the ICO. The average NHS Trust is responsible for over 3,000 desktop PCs, with the larger estates specifying up to 15,000. The potential for human error is vast – which is why it is essential that responsibility for data protection and destruction is allocated clearly and effectively.
Another reason why the NHS appears particularly prone to these incidents is, ironically, its efficiency at reporting failings – the legal requirement to do so is not replicated in the private sector – and, of course, detractors are very happy to magnify the ramifications of such errors.
‘Share and share alike’?
Around a quarter of NHS Trusts across the UK wholly or partially entrust IT asset disposal and data destruction to estates departments. It is not always clear exactly under whose jurisdiction these responsibilities should lie, as this area spans multiple departments, from IT and estates, to information governance and waste.
Granted, the lion’s share of the responsibility is shouldered by IT departments as primary data processors. Although IT teams may be specifying hardware and software, they are not always responsible for ensuring the physical disposal of such ‘assets’. Estates managers, on the other hand, may shoulder the task of deploying and disposing of workstations – and yet know nothing about how any data was used, stored, or transferred.
Data-wiped drives ready for re-sale/redeployment.
52 Health Estate Journal September 2013
Coordination is crucial; unless procedures and responsibilities are very clearly articulated and allocated, there is a real risk that one or more areas can be overlooked, leading to process errors and a potential breach. Due to these inconsistencies, there needs to be a safety net in place, a final process to ensure that all assets transferred from the Trust are accounted for and verified ‘data-free’.
The proverbial buck supposedly stops with the chief executive of any organisation, but so far, at least, there has never been a case of the ICO exercising its powers to target the CEO of a Trust personally for a breach that a member of staff failed to prevent. Although this remains a possibility, it is expected that an element of criminal activity would have to be suspected for such a step to be taken. Nevertheless, the chief executive will be held accountable, and will need to provide the regulators with the required assurances.
A crisis of confidence
It is perhaps no surprise, then, that a small rebellion is brewing. The ICO’s high profile campaign is leading more than one estates manager to question his or her responsibility and involvement in this area, making a number perhaps reluctant to continue taking responsibility for a risk which is somewhat out of their control, or indeed area of expertise.
One tricky area concerns the disposal of desktop PCs. As referred to earlier in this article, David Nicholson’s encryption policy was applied to all removable devices, including laptops, but not to ‘desktop’ PCs. While such machines are not exactly ‘pocket-friendly’, PCs are removed when the time comes to dispose of them. As the data held on these computers is not likely to have been encrypted, it is even more important to have in place a rigorous disposal process. However, before you run off to pull out all your hard disk drives, let me stop you now, since, if you do this, you will almost certainly make matters a whole lot worse.
Another stumbling block awaiting the unwary, and peculiar to the medical profession, is medical devices. These machines are fast becoming computers by another name, and increasingly require the user to store personal information about patients. Despite this, at end-of-life such devices are often shipped off to the auction house and entrusted to personnel who may be well-versed in the refurbishment of electronics or engineering, but have no clue about data protection and destruction.
Trail of destruction
Thus, a reputable, experienced data destruction specialist with the right accreditations and equipment can be an estates manager’s saviour. Your contractor should provide you with a detailed asset sign-over, complete with Data Destruction Certification – proof that your data has been destroyed using approved methods. These include erasing or degaussing (targeting magnetic fields), and straightforward physical destruction, or a combination of all three.
Erasing data is the only valid option if the equipment is to be sold on for re-use. Ensure that your contractor is using CESG-approved standards (CESG is The National Technical Authority for Information Assurance, formerly GCHQ’s Communications-Electronics Security Group). Degaussing clears data on magnetic media, but destroys the storage system and renders the media unusable. This still leaves memory cards, mobile