The Information Commissioner’s Office has found a healthcare recruitment agency in breach of the Data Protection Act after it lost doctors’ personal data that ended up being sold online.
Healthcare Locums (HCL) first notified the ICO about the breach when it confirmed that a network storage device containing details about doctors’ security clearance and their visa information had been sold on an auction website. Neither the device nor the data were encrypted.
HCL’s records showed that the hard drive was being transferred from its Skipton branch to its Loughton branch in February 2010 for secure storage prior to decommissioning.
However, the agency did not have an inventory list for the transfer, so did not realise the device was missing until it was reported by a member of the public who had been sold the device on auction website eBay. It was believed that the device was most likely lost or stolen in transit. sonal data sold on eBay.
Full story at NetworkWorld