The Information Commissioner has called for “a more practical approach” to data protection regulation, insisting that regulators must not find themselves left behind as technology changes how personal information is used.
Christopher Graham was speaking as he hosted the European Conference of Data Protection Authorities in Manchester, in turn welcoming representatives from around 90 data regulators and international bodies.
“The digital revolution has implications for every aspect of our lives – as citizens, as consumers and as individuals,” urged Graham. “We communicate. We consume. We transact. Unless we are very alert, we are also tracked. Shopping in the supermarket or online, our purchasing habits are recorded and analysed. We live in a world of Big Data and the Internet of Things.”
Graham continued: “Governments too have gone digital, and are keen to find efficiencies in the delivery of joined-up public services. Now there’s also the security dimension, with politicians claiming that public safety is an absolute right while privacy is a right that may need to be qualified.”
The Information Commissioner stated: “That’s where we need to ‘get practical, because the challenges are to how we do things, not what we are there for. If we want to be effective in doing what we do, we’re going to have to learn to do some things differently.”
Graham went on to discuss the potential impact of a reformed EU data protection regulation, the role of international co-operation and the importance of properly funding regulation. Read the speech in full.
He also highlighted research commissioned by the ICO that has looked at what control and security UK Internet users expect when providing their data. The results of that research, together with a paper pulling together the findings of recent similar studies across Europe, have been published.
The Conference of European Data Protection Authorities was first held in The Hague in December 1991, and has been held annually ever since. The ICO last hosted the Conference in Edinburgh in 2009, while there was also an International Commissioner’s Conference in London back in 2006.
A conference resolution, which is likely to focus on greater operational co-operation between members, will be published imminently.
Fax errors lead to data breach at Northumbria Healthcare NHS Foundation Trust
The Information Commissioner’s Office (ICO) has issued Northumbria Healthcare NHS Foundation Trust with an undertaking committing the Trust to improving the way in which it handles patients’ information.
The action comes after the Trust mistakenly sent five faxes containing information relating to the care of several patients to a member of the public. The faxes should have been sent to a social care team working at the Trust but the wrong number was dialled.
After the first incident occurred in March 2014, the Trust took action to make sure its fax machines were only able to send information to pre-programmed numbers belonging to organisations working in the National Health Service. However, these measures were not adopted across all wards and four further faxes were sent to the same member of the public again two months later.
The ICO’s investigation found that the Trust failed to inform all wards about the original data breach and the actions that they should take to stop this mistake occurring again. The Trust also initially made no effort to recover the documents once they were alerted to the problem.
Stephen Eckersley, the ICO’s head of enforcement, said: “Many people will be surprised that we are still having to warn organisations about their use of fax machines. There are certainly more secure ways to send information, but if an organisation decides that a document must be sent in this way then they should have adequate measures in place to make sure the information is actually sent to the correct person. These measures must be adopted across all areas of the organisation. We are pleased that Northumbria Healthcare NHS Foundation Trust is now going to take effective action to make sure that a secure process is in place to keep information sent by fax secure.”
The undertaking commits Northumbria Healthcare NHS Foundation Trust to introducing clear procedures so that any data breaches reported to the Trust are acted upon promptly and remedial measures are introduced across the organisation.
Fax procedures, including the use of pre-programmed numbers to avoid mistakes, must be adopted across all wards to ensure adequate security standards are maintained across all wards.
The Trust must make these improvements by 30 October 2015.