Praxis commits to encrypt patient data

  • 19 January 2012

An Isle of Man care provider has committed to encrypting all personal data on portable devices after an employee lost an unencrypted memory stick holding care and mental health information about 150 individuals last year.

Praxis Care, a service provider for people with learning disabilities and mental ill health, breached the UK Data Protection Act and the Isle of Man Data Protection Act when the stick was lost last August.

The Information Commissioner’s Office said Praxis had taken action to improve its data protection practices following a joint ruling by the ICO and the Office of the Data Protection Supervisor for the Isle of Man.

The company has committed to making sure that all portable devices used to store personal data are encrypted and that any personal information that is no longer needed will also be disposed of securely.

The stick held data on 107 residents of the Isle of Man and 53 residents of Northern Ireland. The information about Northern Ireland residents dated from two years earlier, when the employee had worked there. Some of the information was sensitive, and related to individuals’ care and mental health.

UK Information Commissioner Christopher Graham said carrying people’s personal information around on an unencrypted memory stick was“clearly unacceptable.”

“The fact that some of the personal details stored on the device were out of date and so surplus to requirements makes this breach all the more concerning.”

The device has not been recovered. However, Praxis informed everybody who might have been affected about the loss and no complaints have been received by the regulators.

 

Iain McDonald, Isle of Man data protection supervisor, said the joint action in this case sent a clear message that a lax attitude to data security would not be tolerated.

“We will continue to work with regulators in other countries to ensure that our residents’ personal information is protected,” he said.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Advanced fined £6m over stolen patient data in 2022 cyber attack

Advanced fined £6m over stolen patient data in 2022 cyber attack

The Information Commissioner’s Office has imposed a £6.09m fine on Advanced for failing to protect personal information during a cyber attack.
Patient data published online following south east London cyber attack

Patient data published online following south east London cyber attack

Cyber criminals have published patient data online which they claim was stolen as part of an attack on Synnovis, NHS England has confirmed. 
ICO guidance on transparency published for health and care sector

ICO guidance on transparency published for health and care sector

New guidance has been issued by ICO over how health and care organisations should be transparent over the use of personal information.