Largest ever fine for data loss highlights need for audited data wiping.

At a time of constrained budgets for the NHS, the headlines in early June made for grim reading. The Brighton and Sussex University Hospitals NHS Trust has had the largest ever fine (£325,000) imposed on it by the Information Commissioner’s Office (ICO).

Personal data belonging to patients and staff was taken from Brighton General Hospital in September 2010 when disks which should have been destroyed were removed from a store room and subsequently sold online. See BBC News – Brighton Hospital Fined for the full story.

This story highlights the need for both public and private organisations to responsibly manage the protection of data on the retirement of IT equipment:

  • Timely disposal of unwanted equipment minimises the risk of theft from the site and can maximise the returned value from items
  • Obtain an audited report showing that data wiping and destruction have been performed to the level required for the sensitivity of the data

Needless to say, Return On IT works with clients to ensure data security is maintained. Depending on the sensitivity of the data, data wiping can be performed once or multiple times to military-level specifications, and a report is provided showing that data has been removed, down to the individual serial-numbered disk. For clients who require the highest level of assurance, data wiping and/or destruction of disks can take place on your premises.