Our News

Nursing home fined £15,000 for failing to protect sensitive staff & patient data. Are you looking after HR information properly?

Your company has a legal obligation to protect the personal information you hold about your employees, as governed by the Data Protection Act. Among other things, you are legally obliged to ensure that personal employee information is:

– Accurate

– Used fairly and within the limits of the law

– Used for the purposes it is specifically intended

– Kept for no longer than is absolutely necessary

–  Kept safe and secure

That last point is pretty important. You must ensure that any personal data is kept safe and secure. But what happens when you fail to do this?

Northern Ireland Nursing Home Fined £15,000 After Laptop Containing Sensitive Data Stolen

Unfortunately, some businesses learn the consequences of failing to protect sensitive data the hard way.

As reported by employmentbuddy.com last month, a nursing home in Northern Ireland recently received a fine of £15,000. The fine was handed out by the Information Commissioner’s Office (“ICO”), and was the direct result of a staff laptop containing unencrypted personal data being stolen during a burglary. The personal information contained on the laptop included medical information on the nursing home’s 29 residents, and personal data about the 46 members of staff – data that HR has a responsibility to protect.

According to the news report, the ICO found “systematic failings” at the nursing home, including no policies regarding encryption, working from home and mobile device storage. They also noted that there was very little data security training.

How to Increase Your HR Data Security

There are lots of things you can do to increase the security of your sensitive HR data. It helps to start by building policies on your employees’ responsibilities relating to data protection, but there are other things you can do, too.

For example, you can learn more about cyber security to help you fortify the data you store against cyber criminals. CIPD are running a free e-learning module right now, which lasts for 75 minutes, and is designed to teach about cyber security for HR professionals.

You should also seriously consider a cloud HR solution, which securely stores employee data on remote servers, fully encrypted.

What are you doing to protect your sensitive employee data?

Source: HR Data Security