How confidential is our personal information?

Friday, 14 October 2011 13:56 PAG
User Rating: / 2

ID TheftThat was the title of a PAG presentation in January 2008. At the time we were concerned about organisations' ability to secure all the electronic data about individuals that was being amassed. Risks, actual and potential, that our data may be misused or mislaid were discussed. Our report of the meeting went on to say: 

'Recognising that it would be impractical to seek to hold back advances in information technology, the meeting called for the Government to establish a straightforward and readily enforceable regime that promptly penalised inadequate data protection or misuse. Such a regime should ensure that all government agencies and commercial organisations requiring clients to reveal private personal data should be deterred from allowing it to be used for purposes not originally agreed or failing to safeguard it from falling into unauthorised hands.

Given the importance of the finance sector to our economy, the Isle of Man ought to be setting standards in data handling and protection that would be a beacon for others to follow.

Based on the principle of 'Make the Loser Pay', PAG called for a Misuse of Data Act, covering governmental and commercial bodies and providing for a minimum of £25,000 compensation to anyone who could demonstrate that their data had been lost, held insecurely, or used for any purpose outside the scope of the original authority.

The existence of such a penalty would force organisations to totally re-address the way personal data was stored, and would re-establish the principle of the sovereignty of the individual in determining the use and protection of their personal data.'

Well almost 4 years later and we learn that the unthinkable has happened here in the IOM with the loss of a memory stick containing the personal data of over 100 mental health patients and staff. It has been lost by a Charity used by the Department of Social Care.

Praxis Care (IOM Charity 826)  is a provider of services,  for adults with a learning disability, mental ill health and acquired brain injury. In 2010 the former Department of Health Social Services spent just over £1.2 million with Praxis Care Limited, which had £24.6 million of incoming resources in that year.

It is ironic that in its latest published 2010 Annual Report Praxis Care states:

"During the year, a new Management Information Strategy was agreed by the Senior Management Team and Board. The strategy will enable the organisation to utilise effective and appropriate information technology to manage and monitor the implementation of the service standards under the Quality Management review.

The new systems will be rolled out over the next three years and will allow the organisation to manage its resources

better, thereby improving support to service users."

It goes to show that every organisation, large or small, public or private must not only state a commitment to to securely manage information but also ensure that all staff actively follow the stated aim to the letter.

Is it indeed time to introduce Misuse of Data legislation her in the Isle of Man?