Wednesday, January 26, 2011

Widespread data-snooping revealed in Yorkshire’s public sector

Criminal records and private medical information accessed inappropriately

Newly-released disciplinary records for police forces, NHS trusts and
local councils in Yorkshire have revealed that data protection
breaches have been widespread in the region over the past few years.

An investigation by regional paper the Yorkshire Post has discovered cases
where public sector workers have been reprimanded for offences ranging
from running inappropriate criminal record checks on family members,
to looking up private medical test results.

Most data protection breaches took place at Yorkshire’s four police
forces: Humberside Police, North Yorkshire Police, South Yorkshire
Police and West Yorkshire Police.

At Humberside, a total of 31 members of staff had been disciplined over
the past few years for inappropriately accessing data, with one
employee being dismissed. Cases included one CID officer who ran a
criminal record check on his nephew, an incident resolution officer
who looked up information on their step-daughter’s new boyfriend, and
a traffic officer who checked his mother’s neighbour’s criminal
records after his mother was burgled.

This is despite the force having a “dedicated team of experienced
individuals” who focus on maintaining the “integrity and security” of
its databases, according to Humberside’s head of professional
standards, superintendent Ray Higgins.

Over the past three years, North Yorkshire Police said it had
reprimanded staff and officers over 39 cases.

“The use of restricted force data systems and email is monitored. This
enables the force to identify any non-compliance and to investigate
any suspected transgressions,” Assistant Chief Constable Sue Cross at
North Yorkshire told the Yorkshire Post.

“A full range of sanctions are available to deal with the relatively
small number of individuals who breach force policies, including
verbal advice, written warnings, formal reprimands and, in the most
serious cases, dismissal.”

Furthermore, South Yorkshire Police reported 48 cases of data
protection breaches since 2005, while West Yorkshire had 22 cases of
inappropriate access of data and 26 cases of police staff conducting
unspecified ‘misuse of computer offences’.

West Yorkshire was also forced to send written warnings in November to
around 70 staff members who looked up the criminal records of a TV
talent show contestant following the appearance of allegations
about her in the tabloids.

Meanwhile, data protection breaches also occurred in nine of
Yorkshire’s NHS trusts, including Wakefield, Barnsley, Rotherham and
Doncaster.

At Doncaster and Bassetlaw Hospitals NHS Trust, a nurse was dismissed,
but then reinstated on appeal, after she accessed private medical test
results of her daughter’s father. A clerk was also given a written
warning after looking up her brother’s test results.

A spokesperson for the trust told the Yorkshire Post: “We take data
security very seriously and have a number of means of ensuring that
patients’ personal data is not accessed inappropriately. All six cases
of inappropriate access to medical records related to an individual’s
colleague, partner, or relative – and while this is inexcusable, it
does not indicate misuse of the millions of patient records we hold.”

However, a receptionist at a hospital in Sheffield was also caught
collating patients’ personal contact records and using them for market
research in her second job.

In seven of Yorkshire’s 22 councils, staff were disciplined for
accessing private data on members of the public, including two at
Wakefield Council who looked up information on family members.

Meanwhile, at Rotherham Borough Council, an audit and finance officer
resigned after being caught accessing the records of 72 neighbours to
satisfy their “personal curiosity”.

A spokesperson for the Information Commissioner’s Office (ICO) said:
“As with many organisations that hold a significant amount of personal
data, we have regular contact with a range of public authorities
regarding allegations of staff inappropriately accessing records.

“The usual and most appropriate outcome in these cases is disciplinary
action taken by the employer. However, where that employee is
accessing records for personal gain, such as selling the data on to
third parties, the ICO may open a criminal investigation.”
