{"id":314,"date":"2012-01-13T21:14:21","date_gmt":"2012-01-13T21:14:21","guid":{"rendered":"http:\/\/www.halkynconsulting.co.uk\/a\/?p=314"},"modified":"2012-11-24T20:48:35","modified_gmt":"2012-11-24T20:48:35","slug":"health-worker-breaches-data-protection-act-gets-fine","status":"publish","type":"post","link":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/","title":{"rendered":"Health worker breaches Data Protection Act, gets \u00a31500 fine"},"content":{"rendered":"<p>Breaches of the Data Protection Act, almost commonplace in 2011, continue into the new year of 2012. As has often been the case, the incident reported this week has been another breach involving a health care worker gaining access to records on the centralised systems.<\/p>\n<p>Recently it was reported that the Information Commissioner was going to crack down on the health care sector, as the data held is generally considered amongst the most sensitive information people disclose. It remains to be seen if the ICO crackdown will significantly change behaviour or not.<\/p>\n<p>Yesterday (12 Jan) the <a title=\"ICO News Report - Health worker convicted of unlawful access\" href=\"http:\/\/www.ico.gov.uk\/news\/latest_news\/2012\/health-worker-convicted-of-obtaining-patient-details-unlawfully-12012012.aspx\" target=\"_blank\">Information Commissioner reported<\/a>:<\/p>\n<blockquote><p>A former health worker has pleaded guilty to unlawfully obtaining patient information by accessing the medical records of five members of her ex-husband\u2019s family in order to obtain their new telephone numbers.<\/p>\n<p>Juliah Kechil, formerly known as Merritt, a former Health Care Assistant in the outpatients department at the Royal Liverpool University Hospital, was convicted under section 55 of the Data Protection Act at Liverpool City Magistrates Court today. She was fined \u00a3500 and also ordered to pay \u00a31,000 towards prosecution costs and a \u00a315 victim surcharge.<\/p><\/blockquote>\n<p>In this instance, it appears that the control measures in place at the Royal Liverpool University Hospital were sufficient for the hospital to properly audit the employee&#8217;s activity and prevent the ICO issuing a finding against them.<\/p>\n<p>The important lessons for any\u00a0conscientious\u00a0business owner are:<\/p>\n<ul>\n<li>Make sure your audit and access management systems are sufficient that you can detect misuse and properly identify the guilty party. Failure to implement these measures could leave you liable to a DPA breach rather than the actual\u00a0perpetrator.<\/li>\n<li>Educate your staff on their obligations to protect sensitive data. While this case is about a DPA breach, malicious or negligent employees can compromise any of your data and if it is important to you, you can bet it is important to someone else.<\/li>\n<\/ul>\n<p>Another benefit of making sure your employees are properly educated on how to behave is that it is a lot better than having to replace them!<\/p>\n<p>Remember, while the ICO fines will only relate to the misuse of personal data, you need to consider how your corporate data is being used. Do you know if your employees are accessing sensitive information (deliberately\u00a0or negligently) and then allowing this information to leak? If not, then the first you may discover about this is when a competitor beats you to the punch &#8211; at which point it is too late and your security is compromised.<\/p>\n<p>Security only works when it is proactive and\u00a0effectively\u00a0implemented. Dont try to save money by only spending after the horse has bolted. This is always a mistake.<\/p>\n<p>It really is always in your best interests to develop and implement a robust security plan, and ensure that all your employees are aware of what is expected of them. If you want assistance in developing or implementing such a plan than <a title=\"Get in touch with Halkyn Consulting\" href=\"http:\/\/www.halkynconsulting.co.uk\/contact\/contact-security-team\" target=\"_blank\">get in touch with Halkyn Consulting<\/a> and we will be pleased to work with you on every step of the journey.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Breaches of the Data Protection Act, almost commonplace in 2011, continue into the new year of 2012. As has often been the case, the incident reported this week has been another breach involving a health care worker gaining access to records on the centralised systems. Recently it was reported that the Information Commissioner was going [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5,22,3],"tags":[23,24,6,140],"class_list":["post-314","post","type-post","status-publish","format-standard","hentry","category-security","category-security-education-and-awareness","category-securitynews","tag-business-protection","tag-data-protection","tag-infosec","tag-security","entry"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Health worker breaches Data Protection Act, gets \u00a31500 fine - Halkyn Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Health worker breaches Data Protection Act, gets \u00a31500 fine - Halkyn Security Blog\" \/>\n<meta property=\"og:description\" content=\"Breaches of the Data Protection Act, almost commonplace in 2011, continue into the new year of 2012. As has often been the case, the incident reported this week has been another breach involving a health care worker gaining access to records on the centralised systems. Recently it was reported that the Information Commissioner was going [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/\" \/>\n<meta property=\"og:site_name\" content=\"Halkyn Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-01-13T21:14:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2012-11-24T20:48:35+00:00\" \/>\n<meta name=\"author\" content=\"Taz Wake - Halkyn Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/tazwake\" \/>\n<meta name=\"twitter:site\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Taz Wake - Halkyn Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/\"},\"author\":{\"name\":\"Taz Wake - Halkyn Security\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\"},\"headline\":\"Health worker breaches Data Protection Act, gets \u00a31500 fine\",\"datePublished\":\"2012-01-13T21:14:21+00:00\",\"dateModified\":\"2012-11-24T20:48:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/\"},\"wordCount\":512,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"keywords\":[\"Business Protection\",\"Data Protection\",\"Information Security\",\"Security\"],\"articleSection\":[\"Security\",\"Security Education and Awareness\",\"Security News\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/\",\"name\":\"Health worker breaches Data Protection Act, gets \u00a31500 fine - Halkyn Security Blog\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\"},\"datePublished\":\"2012-01-13T21:14:21+00:00\",\"dateModified\":\"2012-11-24T20:48:35+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Halkyn Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Health worker breaches Data Protection Act, gets \u00a31500 fine\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"name\":\"Halkyn Security Blog\",\"description\":\"Specialist Security &amp; Risk Management Consultants\",\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\",\"name\":\"Halkyn Consulting\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"width\":\"990\",\"height\":\"170\",\"caption\":\"Halkyn Consulting\"},\"image\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/2329571\",\"https:\/\/twitter.com\/HalkynSecurity\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\",\"name\":\"Taz Wake - Halkyn Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"caption\":\"Taz Wake - Halkyn Security\"},\"description\":\"Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.\",\"sameAs\":[\"http:\/\/www.halkynconsulting.co.uk\",\"https:\/\/twitter.com\/https:\/\/twitter.com\/tazwake\"],\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/author\/tazwake\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Health worker breaches Data Protection Act, gets \u00a31500 fine - Halkyn Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/","og_locale":"en_GB","og_type":"article","og_title":"Health worker breaches Data Protection Act, gets \u00a31500 fine - Halkyn Security Blog","og_description":"Breaches of the Data Protection Act, almost commonplace in 2011, continue into the new year of 2012. As has often been the case, the incident reported this week has been another breach involving a health care worker gaining access to records on the centralised systems. Recently it was reported that the Information Commissioner was going [&hellip;]","og_url":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/","og_site_name":"Halkyn Security Blog","article_published_time":"2012-01-13T21:14:21+00:00","article_modified_time":"2012-11-24T20:48:35+00:00","author":"Taz Wake - Halkyn Security","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/tazwake","twitter_site":"@HalkynSecurity","twitter_misc":{"Written by":"Taz Wake - Halkyn Security","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/#article","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/"},"author":{"name":"Taz Wake - Halkyn Security","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc"},"headline":"Health worker breaches Data Protection Act, gets \u00a31500 fine","datePublished":"2012-01-13T21:14:21+00:00","dateModified":"2012-11-24T20:48:35+00:00","mainEntityOfPage":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/"},"wordCount":512,"commentCount":0,"publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"keywords":["Business Protection","Data Protection","Information Security","Security"],"articleSection":["Security","Security Education and Awareness","Security News"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/","url":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/","name":"Health worker breaches Data Protection Act, gets \u00a31500 fine - Halkyn Security Blog","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website"},"datePublished":"2012-01-13T21:14:21+00:00","dateModified":"2012-11-24T20:48:35+00:00","breadcrumb":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/01\/health-worker-breaches-data-protection-act-gets-fine\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Halkyn Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/"},{"@type":"ListItem","position":2,"name":"Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Health worker breaches Data Protection Act, gets \u00a31500 fine"}]},{"@type":"WebSite","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","name":"Halkyn Security Blog","description":"Specialist Security &amp; Risk Management Consultants","publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization","name":"Halkyn Consulting","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","width":"990","height":"170","caption":"Halkyn Consulting"},"image":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/2329571","https:\/\/twitter.com\/HalkynSecurity"]},{"@type":"Person","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc","name":"Taz Wake - Halkyn Security","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g","caption":"Taz Wake - Halkyn Security"},"description":"Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.","sameAs":["http:\/\/www.halkynconsulting.co.uk","https:\/\/twitter.com\/https:\/\/twitter.com\/tazwake"],"url":"http:\/\/www.halkynconsulting.co.uk\/a\/author\/tazwake\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9yHvD-54","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/comments?post=314"}],"version-history":[{"count":4,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/314\/revisions"}],"predecessor-version":[{"id":317,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/314\/revisions\/317"}],"wp:attachment":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media?parent=314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/categories?post=314"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/tags?post=314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}