Review and enforce data protection policies

Review and enforce data protection policies

26 Jan 2011

After the Information Commissioners Office (ICO) issued the first fines to organisations breaching the Data Protection Act, the Dental Defence Union (DDU) is reminding dental practices to regularly review and enforce their data protection policies.

Using new powers gained in April 2010, the ICO issued a fine of £100,000 to Hertfordshire County Council for faxing information about a child abuse case to the wrong recipients, while an employment company was fined £60,000 for the loss of an unencrypted laptop, containing the personal information of 24,000 people.

 While neither case involved a healthcare organisation, the ICO has reported that losses of NHS data are relatively common. Since the end of 2007, just under a third of reported security breaches were losses within the NHS.

Deputy head of the DDU, Bryan Harvey, said, “Health organisations that manage highly sensitive patient information, particularly when held electronically, may be vulnerable to an accidental loss of data and of course, this includes dental practices. It’s therefore important to start the year with robust systems in place to protect patient data and ensure that all members of the practice abide by the rules.”