Business Fined £15,000 for Failing to Keep Personal Information Safe
The Information Commissioner's Office (ICO) has fined a business £15,000 for failing to keep personal information safe.
Whitehead Nursing Home in Northern Ireland received the fine from the ICO after a member of staff took home an unencrypted work laptop, which was stolen during a burglary. The laptop contained sensitive personal data relating to 46 staff and about 29 residents, including details about sickness absence and information about disciplinary matters. It also held details about residents’ dates of birth, mental and physical health and ‘do not resuscitate’ status.
Pursuant to the Data Protection Act 1998, businesses must have measures in place to keep the personal information they hold secure. However, an ICO investigation found that the nursing home had failed to implement any policies regarding the use of encryption, homeworking and the storage of mobile devices, or to provide enough data security training.
An ICO spokesman made the following statement:
“Today’s fine shows we can and will act against any organisation we feel is not taking seriously its duty to look after the personal details it has been entrusted with. In a world where personal information is increasingly valuable, it is even more important to ensure the security of data is not overlooked.”
Just as individuals may be prosecuted by the ICO for wilfully removing personal data such as databases and client contact details, businesses should be aware of the risks associated with failing to adequately protect personal data which they hold.
This bulletin is for general guidance purposes only and should not be used for any other purpose.
Brabners is a Limited Liability Partnership