What type of information? Medical information on residents, including mental and physical health and "Do not resuscitate" status, and details related to employee absences and disciplinary matters.
What happened? An unencrypted laptop was taken home by a member of the nursing home's staff, and then stolen in a break-in.
What was the response? The facility was fined £15,000 after the Information Commissioner's Office (ICO) reported it had found "systematic failings" in data protection measures. Ken Macdonald, head of ICO Regions, said the nursing home lacked policies regarding the use of encryption, the use of work computers offsite, and storage strategies for mobile devices. He also said the facility did not offer enough data security training.
Responding to the fine and the ICO's statements, Whitehead Nursing Home expressed surprise and dismay. "The laptop in question was password protected to restrict access to unauthorised persons, however the technical breach was in relation to the lack of full encryption," it stated. Additionally, the facility said it informed police and proper authorities, as well as residents and their families, who, it said, issued no complaints. "To date we have no confirmation that an actual data or privacy breach occurred," the facility said.
Quote: "This nursing home put its employees and residents at risk by failing to follow basic procedures to properly manage and look after the personal information in its care." – Ken Macdonald, head of ICO Regions