Care provider slammed for losing memory stick

A care provider with offices in Northern Ireland and the Isle of Man is beefing up its data protection practices after losing an unencrypted memory stick containing sensitive personal information relating to individuals’ care and mental health.

 

Praxis Care Limited lost the memory stick on the island in August 2011 and was found to have breached both the UK Data Protection Act and the Isle of Man Data Protection Act by failing to keep user data secure.

 

The device was never recovered. However, Praxis has informed all affected individuals about the loss and no complaints have been received by the regulators.

 

Following a joint ruling by the Information Commissioner’s Office (ICO) and its Manx equivalent, the Office of the Data Protection Supervisor (ODPS) for the Isle of Man, the company has now committed to making sure that all portable devices used to store personal data are encrypted. Any personal information that is no longer needed will also be disposed of securely in line with the company’s updated data security guidance.

 

Christopher Graham, UK Information Commissioner, said carrying people’s personal information around on an unencrypted memory stick is clearly unacceptable. “The fact that some of the personal details stored on the device were out of date and so surplus to requirements makes this breach all the more concerning.

 

Graham also said the ICO would continue to work closely with other data protection regulators where it is clear that a data breach extends across national boundaries.

 

Iain McDonald, Isle of Man Data Protection Supervisor, added: “Today’s joint action aims to send a clear message to organisations that a lax attitude to data security will not be tolerated by either the ODPS or the ICO.”