NHS Education for Scotland has been forced to improve its data security after details on thousands of medical training applicants were stolen.
NHS Education for Scotland (NES) has been forced to act after the Information Commissioner’s Office (ICO) stepped in after the theft of an unencrypted laptop.
The laptop contained the personal information of 6,377 applicants for medical training positions. The information included names, addresses, phone numbers and summaries of the applicants, as well as monitoring information relating to equality and diversity.
Malcolm Wright, chief executive of NES, has signed an ICO undertaking confirming the organisation will take a number of steps to ensure personal information is kept safe and secure in the future. This includes encrypting all portable PCs and other portable devices used to store sensitive information.
Ken Macdonald, assistant Information Commissioner for Scotland, said, “Password protected laptops are not secure. I urge all organisations to restrict and encrypt the personal information stored on portable devices that can be taken off site.
"In this case, the stolen laptop contained sensitive personal information including equality and diversity information. If personal details fall into the wrong hands individuals can experience considerable distress."
In the same way as data falling into the wrong hands can create huge issues; organisations need to be equally as careful about the secure storage and management of their business critical documents. For instance, in an article earlier this year, Version One highlighted how securely storing documents is vital to combating fraud.
A copy of the NES ICO undertaking can be viewed here.
