BBC News
watch One-Minute World News
Last Updated: Wednesday, 12 March 2008, 08:07 GMT
Thousands hit by breaches of data
The incidents ranged from mis-sent e-mails to online breaches
Personal data breaches affecting thousands of people have been uncovered by BBC Scotland's Investigations Unit.

The information was revealed through freedom of information requests to NHS boards, councils and police forces.

These included lost patient notes, information on sex offenders and compromised payroll data.

All the bodies said they took any breach or loss of information very seriously and urged their staff to report even minor incidents.

In November 2005 a problem with the staff intranet at Comhairle nan Eileann Siar (Western Isles Council) meant National Insurance, bank details and other personal information of all 3,000 staff was accessible.

Information taken outwith the council has to be encrypted
Perth and Kinross Council

A spokesman for the Comhairle said: "We are not aware of any problems for members of staff arising from this breach of security, which was promptly rectified.

"Action was also taken to prevent any recurrence of this situation."

Breaches at other organisations include driving licences being lost in the post and computers and organisers containing personal information being stolen.

Lothian and Borders Police said productions containing the names of accused had been inappropriately discarded.

A force spokesman said: "In terms of the lost items, full-scale and comprehensive investigations were ordered, as was a complete review of information security measures throughout the force."

Perth and Kinross Council said a USB memory stick was lost containing names and salaries, but later found.

A spokesman said: "An information security awareness programme has been introduced to Perth and Kinross Council employees.

"As a result, information taken outwith the council has to be encrypted."

Laptops are often a target for theft in large organisations

Glasgow City Council cited three instances of personal information contained in databases having been breached.

The council said in each instance an employee was disciplined and in two they were reported to the police.

NHS Tayside detailed 19 security breaches relating to staff and patients' personal information, including lost blood samples and confidential patient notes being left on a bus.

The health board said these were not indicative of failure to comply with the policies relating to the use of personal information, but are more a result of human error.

NHS Shetland indicated that inappropriate access to lab results and inappropriate access to medical records of four patients had taken place.

North Lanarkshire Council outlined the case of a lost briefcase containing personal details of pupils, their addresses and dates of birth, which was then found again.

A spokesman said: "The incident took place in September 2006.

"Employees were reminded of the data protection principles and the need to ensure that personal data is kept secure."

Large-scale burglary in schools and other educational establishments continue to be a concern
Edinburgh City Council

Edinburgh City Council said personal information of people who had applied for housing using a public access site was available for a limited time by pressing the History button.

The authority said no known data escaped and settings were restored.

It also outlined the theft of dozens of laptop computers.

A spokesman said in a statement: "All security incidents are formally recorded and each is carefully analysed to see what improvement actions can be made.

"Large-scale burglary in schools and other educational establishments continue to be a concern but the overall figures need to be taken in context of the size of the council ICT estate (approximately 20,000 computers)."

NHS Grampian also detailed stolen laptops, adding: "Five thefts in three years is very disappointing but big hospitals are very busy places and, regrettably, opportunistic theft does take place in public buildings."

The Scottish Government said it was up to public sector bodies to sort themselves out and the last thing it wanted to do was micro-manage.

However, it also said it had carried out a survey recently in light of these data losses and public bodies would receive any guidance from them in due course.

Details of Scots on stolen laptop
29 Jan 08 |  Scotland
Tougher data laws needed, say MPs
03 Jan 08 |  UK Politics
20,000 reward offered for discs
05 Dec 07 |  UK Politics
Review in wake of missing package
28 Nov 07 |  Scotland
Discs 'worth 1.5bn' to criminals
28 Nov 07 |  UK Politics
Pension details package 'missing'
24 Nov 07 |  Scotland

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific