Government officials in the UK have been facing ongoing backlash over their ability to protect citizen information following a string of data breaches over the past few years. Most recently, East Sussex NHS Trust came under fire for misplacing a memory stick containing the personal data of 3,000 of its patients. The ICO has levied more than £5 million worth of civil monetary penalties against the public sector, with these fines set to increase with the finalization of the EU General Data Protection Regulation (EU GDPR), which will come into effect in 2017.
This latest data breach incident at the NHS comes at an inopportune moment, with the launch of the much-anticipated Care.data initiative and the proposition that increasingly mobile healthcare data can be kept secure by the NHS. In an article on the Information Daily, I discuss the current state of data security at the NHS and how continued data security scares could impact connected initiatives over the next 5 years. The article, "How can the NHS keep a healthy data protection strategy?", discusses the impact data breaches have on initiatives such as Care.data as well as more broadly on the NHS’s Five Year Forward View, which includes investment in connected devices and initiatives for better data governance and integrated data.
With new compliance requirements and fines looming, and important initiatives underway, it’s now more important than ever for the NHS to restructure its data protection strategies. In the article, I discuss a number of provisions in the new EU GDPR which will affect how the NHS manages patient data, including:
- The need for a data protection officer
- The requirement to inform patients if a breach should occur (unless the device is rendered inoperable and the data is encrypted)
- Strict deadlines
- Heavy penalties
The key priority for the NHS between now and when the EU GDPR comes into effect will be putting steps in place to minimise the impact of breaches and ensuring that, when things go wrong, everyone involved knows what to do. In the article, I discuss how the NHS should be making everyone aware of the upcoming data legislation and what it means for data management (point 1: education), creating an actionable and clear policy (point 2: policy), and implementing underlying technologies which can protect patient data in the event of a breach (point 3: technology).
Absolute Data & Device Security (DDS) allows organisations to persistently track and secure all of their endpoints within a single cloud-based console. Computers and ultra-portable devices such as netbooks, tablets, and smart phones can be remotely managed and secured to ensure—and most importantly prove—that endpoint IT compliance processes are properly implemented and enforced.