In what is becoming an ever more regular occurrence for the NHS, it has been reported that the East Midlands Ambulance Service has lost a disk containing the notes of 42,000 patients’ who had been treated by paramedics in the last few months.
This incident once again underlines the dangers of organisations holding increasing amounts of personal information about individuals both electronically or in paper format. It seems obvious that the greater the amount of information that is held in one place, the more likely it is to go missing, either by accident or as the result of a deliberate breach. Indeed, just last week Kent Social Care Professionals unintentionally sent out an email containing the names, addresses and phone numbers of 120 elderly and vulnerable individuals to nearly 200 people.
Accidental leaks such as this make the need for proper data protection training amongst staff painfully apparent. If an organisation knows that it is going to hold large amounts of personal information, about staff or customers, it should ensure that its employees know their responsibilities under the Data Protection Act 1998 (DPA). Of course this cannot help to stop those who wish to purposely breach data protection law. This can only be achieved by improving the sanctions that are available to punish those who seek to misuse personal information.