Robust Paper Record Management Needed

11 Apr 2011 - ICO warns that paper records also require data protection

Two healthcare organisations have been found to be in breach of the Data Protection Act for the loss of files.

NHS Liverpool Community Health breached the Act by losing papers relating to the medical history of 31 children and their birth mothers during a premises move. The ICO’s investigation found NHS Liverpool had no formal contract with the removal company on how to handle personal data – a requirement of the Act – and had no process to ensure personal data was secure throughout the move.

In a separate incident the ICO also found the Council for Healthcare Regulatory Excellence (CHRE) in breach of the Act after the possible loss of documents from complaint review files containing sensitive data. However due to weaknesses in document recording the organisation cannot be certain if the information was ever received or whether it was subsequently lost or destroyed.

“…these incidents should act as a warning to other organisations who handle sensitive papers of the need to make sure their paper records management processes are as robust as their electronic data systems. The protection of data in all formats must be taken seriously.” Sally Anne Poole, Acting Head of Enforcement said.

Cryptzone View

NETconsent enables organisations to take greater control of policy distribution and enforcement to increase policy and procedure effectiveness. Delivered directly to employees workstations when logging into the network, you can guarantee staff view required documents. These documents can even be enforced so that access to the system is denied if users don’t sign up.

The dangers of a misinformed workforce are obvious, and the penalties of breaching the Data Protection Act can be severe, and not just financially. Some companies never recover from the damage to their reputation. Therefore a system that ensures policies are read and understood is a real asset.

NETconsent  helps to raise levels of governance within organisations and increases compliance whilst giving new controls to management. At the click of a button policies, guidelines, and procedures can be delivered direct  to the desktop of the relevant audience , whilst reporting capabilities provide actionable insight and reliable audit trails that empower management to understand where policies and procedures are failing.