Monday, 26 January 2009

ICO takes action against Data Protection Breaches


The Information Commissioner's Office (ICO) has just found the NHS in breach of the Data Protection Act.


The ICO has ordered a number of organizations to sign undertakings following the breach of the Data Protection Act.


The action stemmed from the recent theft of 5,000 records of patients' personal data from the University NHS Trust. The Data Protection Act requires organizations to take relevant measures and controls to prevent loss of data or inappropriate access.


This raises concerns about Information Systems Security Management policies within organizations and the use of Risk Analysis as a tool. The Data Protection Act specifies these measures, so why aren't organizations able to meet the requirements? The main question of concern revolves around adequate IS Security measures.
