Colchester University Hospital has sacked one of its managers over the theft of his work laptop, which contained unencrypted patient records.
The PC - which was stolen (pdf) from the unnamed manager's car in June - contained copies of the personal details and treatment plans of several thousand patients. Thieves took the machine after breaking into the car, which was parked in Edinburgh at the time, where the unnamed manager was holidaying.
The computer was password-protected but the data was not encrypted.
Colchester Hospital University NHS Foundation Trust said (pdf) that the manager involved was dismissed following a disciplinary panel last Friday. "The unanimous decision of the disciplinary panel sends out a clear statement about how seriously the Trust takes security and patient confidentiality. I again apologise for the distress the theft of this laptop may have caused," said Peter Murphy, chief executive of Colchester Hospital University NHS Foundation Trust.
Data loss cock-ups are all too common and rarely result in anyone been shown the door.
Jamie Cowper, director of marketing at PGP, said that responsibility for implementing adequate security policies ultimately rests at board level.
"Technologies such as encryption should be implemented and managed on an enterprise-wide basis, not left up to the individual. Unless there is evidence of grievous misconduct, the responsibility for data security should lie with the organisation as a whole – and that means that in cases such as this, punishment should be top-down rather than bottom-up." ®