According to this BBC article, the NHS has had yet another epic data handling disaster.
This time they have lost a back-up tape with the confidential personal information of 38,000 NHS patients.
The Sandown Health Centre on the Isle of Wight sent the data to an outside, private firm ‘to be checked’ via City Link couriers. They never saw the tape again.
Last December, the head of the NHS, David Nicholson told the public that the public could trust the NHS with their details despite having lost twenty-five-million records of child benefit claimants.
In the case of te Sandown data loss, an NHS spokesman said that the chances of the data being misused were small as:
“The tape requires specialist computer equipment to run it….”
Would that specialist equipment, perchance, be a ‘tape-drive’?
“…and the data is password-protected.”
Would that password-protection, perchance, be a password protected Excel file or Access database? In fact, it wouldn’t surprise me if the password was enclosed in the courier package with the tape. 
Public data will not be safe and can be potentially sold to the highest bidder to use in identity fraud
and other such pleasantries until the day these authorities start using proper encryption.
What we should be hearing when such a loss of physical media occurs is that there is no chance of the data being used nefariously if found as it was encrypted using strong algorithms and the private key remains safe.
It would appear that chance would be a fine thing.
Tags: backup tape, city link, courier, data loss, encryption, nhs, sandown health centre, tape, tape-drive
Entries (RSS)
[...] not on the scale of some of the previous gargantuan NHS data loss cockups, an NHS Lothian worker has none the less done their best to compromise [...]