Colchester University Hospital has sacked one of its managers following the theft of his work laptop containing the unencrypted names, postcodes and treatment plans of several thousand patients from a car in June.
Jamie Cowper, Director of Marketing EMEA at data protection firm PGP Corporation, commented:
This latest incident again demonstrates the serious problems with security that exist within the public sector but also shows that disciplinary bodies are getting increasingly tough with those people that contravene data protection policies. Clearly, the public sector wants to be seen to be addressing this problem.
However, while the weakest link in data protection is more often than not the end user, the real lesson to be learnt here is that technologies such as encryption should be implemented and managed on an enterprise-wide basis, not left up to the individual. Unless there is evidence of grievous misconduct, the responsibility for data security should lie with the organisation as a whole and that means that in cases such as this, punishment should be top down rather than bottom up.