Backup and Storage

Data breach at pharmaceutical company

Failure to properly secure information sees patients’ records stolen

A system used to store data and records of around 2,000 patients was stolen from Pharmacyrepublic Limited’s premises in Warwickshire, with thieves gaining access to information regarding the medication that was prescribed to people by the pharmacy.

The company reported the breach to the Information Commissioner’s Office (ICO) as the sensitive files that made up the Patient Medication Record (PMR) system have not yet been recovered.

"It is important that companies have measures in place to keep personal information secure at all times," said Stephen Eckersley, the ICO’s head of enforcement.

Keeping a secure record of patients’ data is particularly important to instil confidence in such services, and making adequate provisions to ensure details remain safe is a legal requirement under the Data Protection Act.

Secure online document storage is one of the ways in which companies and businesses can take steps to comply with the law and guard against any breaches of their records.

Pharmacyrepublic Limited’s system was designed to identify issues such as the administering of multiple drugs to individual patients, and it was the company’s failure to put in place the appropriate measures to safeguard their data that resulted in the theft.

Such events can lead to businesses having their reputation damaged as people believe that the trust they have placed in companies to protect their information has not been rewarded.

In similar circumstances to those experienced by Pharmacyrepublic Limited, a Scottish charity was found guilty of breaching the Data Protection Act when an employee had memory sticks and papers containing the information of more than 100 people stolen from their home.

Had such records been secured in online backup systems rather than on physical, portable devices, the incident could have been avoided and the charity spared the embarrassment of having to explain to individuals that their information had fallen into the hands of an unknown party.