Doctors could be held responsible for the theft of their laptops
Security Park (16/11/2007)

The Information Commissioner has announced that doctors could be held responsible for the theft of their laptops if it can be proved they were negligent. This will enforce compliance with new data protection laws and ensure doctors take every step in their power to protect their patients’ sensitive data.

This new criminal offence, if implemented, will see doctors fined up to £5,000 in a magistrates' court, or an unlimited sum in the Crown Court.

Jamie Cowper, Director of European Marketing at PGP Corporation, has made the following comments on the news: "On the one hand, this is great news for patient rights groups. Given the recent spate of data breaches at NHS trusts, perhaps Richard Thomas's approach of hard compulsion is the only way to get the medical establishment to take this problem seriously."

"However, by placing the emphasis on protecting the device - specifically laptops - rather than the confidential data itself, he could be accused of treating the symptoms of this problem, rather than providing a cure. What's more, it's not fair to expect doctors to be data security experts. Rather, to be entirely effective, the NHS should respond to the proposed legislation with both a programme of data security education and a systematic roll-out of data protection technology such as encryption."

This announcement has sparked controversy, with Lord Lyell claiming that it is disproportionate to criminalise doctors for losing a laptop. Tom de Jongh, product manager at SafeBoot, feels a much easier way to deal with this situation is to make mobile device encryption mandatory.

“The records held on doctors’ computers are indisputably highly sensitive and action must be taken to prevent loss or theft of data. We are living in a world where cyber crime is on the rise and data theft cases are a daily occurrence. As such, it is good to see that the Information Commissioner is finally starting to think about how to protect the sensitive data doctors carry around with them. The ‘human factor’ is the biggest threat to data and implementing a serious law to ensure this is expelled is important. However, it must be the right law.

“Criminalising doctors for having their laptop stolen sounds to me like cracking a nut with a sledgehammer. The fact is whenever a piece of equipment leaves the doctor’s environment it has the potential to go missing. With the best intentions in the world things get stolen – this is what I call the ‘human factor’. A doctor cannot guarantee that he or she will not fall victim of a crime and should not be punished for this.

“As such, I feel the first step should be to create legislation stipulating the mandatory use of data encryption. Only if this is ignored should there be a punishment that fits the crime. A robust password and content encryption protocol will ensure that data never reaches the hands of wrongdoers.”

Alan Bentley, Regional VP of Lumension EMEA (formerly PatchLink), commented: "Cases of forgotten or stolen laptops are becoming more and more common, with high-profile incidents continuing to surface. While the proposal to fine those responsible for lost laptops is certainly a step in the right direction, it is unlikely to eradicate the problem. This issue needs to be tackled at the source, rather than relying on doctors to guard their laptops."

“Data protection needs to start within the surgery. Meaning, patient records that are not protected in line with data protection laws should simply not be allowed to be transferred onto mobile devices. Policies can be put in place to monitor and control the flow of data, ensuring that only approved data is taken out of the doctor’s surgery and that once data is released it is encrypted to ensure it cannot be opened by an unapproved external source.”

“The fact that the Information Commissioner is looking to tackle this issue will no doubt make doctors more careful with their laptops. However, it is unlikely to restore public confidence that their private details will be safe. With identity theft at an all-time high, it is essential that this issue is addressed head on. It is only by taking a proactive approach to data protection that data held on mobile devices and laptops will be protected from the unexpected.”
