Companies, sort out your stolen data plan

Yes, a standard procedure is definitely needed. Companies should be obliged to contact customers affected within a set period and should also have to financially compensate the people concerned with set amounts according to the degree of risk/severity. It’s not acceptable for companies affected just to apologise.
I haven’t been contacted to tell me my data has been obtained but I am now getting 1 type of spam email (at least several a day) that makes me wonder if my details have been obtained online without my authority. I certainly always select the “no third party contact” option when I have to register my details.

Most emphasis is usually on online data breaches, however, our experience is that non electronic data is far more vulnerable.
We have been embroiled in complaints procedures with the NHS for over three years as a result of this we stumbled across a serious failure of data security.
Prior to the complaints we had needed to get some information on GPs with knowledge of a rare, recently diagnosed condition, of a family member who I will refer to as ‘P’. I ended up talking to the Healthcare Commission who advised that I talk to a local NHS Trust who deal with similar conditions and should have the information that I required. This I did and the Trust promised to ring me back but instead this is what happened.
I will make one thing clear from the start, P was NOT a patient of the Trust and was not referred to it either at this time or later. A manager of the Trust who had never met, talked to or corresponded with P went to our local hospital and accessed P’s medical records (which in this case contained extremely personel, sensitive and confidential information) and discussed them with others, some of whom were of a none medical background.
(The manager even rang P’s GP practice and the GP was quite happy to discuss P’s medical condition – but this is another story.)
We persued this breach through the complaints procedure and even though we had copies of NHS documents that proved what I have described it took the Trust 9 months to admit that they had not complied with the NHS Confidentiality Code. During this period I sent the information to the Information Commissioners Office who ruled that the Data Protection Act was not complied with.
Even with the ICO ruling and the Trust’s admission that they had not complied with the NHS Code the Chief Executive still stated that his staff had “behaved professionally and in P’s best interest”. They clearly do not take data security seriously! Unfortunately the consequences have been far reaching and dire but no one will sort them out. As the Trust had admitted everything and we had an ICO ruling but the Trust would not help rectify the problems they had caused I submitted everything to the Ombudsman, what a waste of time, because the Trust had said ‘sorry’ the Ombudsman accepted this as adeqate and would do nothing. I then went to my MP who made a submission to the Health Minister. We then got a letter stating that his staff had been assured by NHS North West that they complied with national guidelines on data security. This was accepted by the DH even though they had documents that proved otherwise. When this was pointed out the DH just quoted parts of the NHS Confidentiality Code. They clearly are not going to get involved.
What has happened to P is far worse than what has happened to most of those who’s phone’s have been hacked yet there is a total cover up by the NHS and Government. The PM clearly does not mind a data breach in his own ‘back yard’.
A very worrying aspect is that the Trust’s CE acknowledged P was not a patient, that accessing the records was unnecessary and that they had not complied with the NHS Confidentiality Code. But it would appear so what! Because I also have a letter from the Head of Information Governance for the Trust which makes the following quite clear. Any member of staff who has been authorised access patient records as part of their job can access anybody records (even if they are NOT a patient) she then goes on to state that even if you are a patient, and you refuse to let them have access to your records, if they think it is in your best interest they will access them anyway (specifically NOT allowed within the Code). In other words your NHS records are NOT secure; if you have a medic as a friend or neighbour then just remember the next time they are in work they can trawl through your most personal records if they choose and that there is nothing to stop them. And everybody whether NHS or Government will condone it!!!!

In my hotmail account I have been getting a lot of spam in the last 5-6 months such as from Rewards today and many other companies of which I cannot name offering e.cigarettes, PPI insurance, Vodafone products, etc, etc and I don’t know if its because I suffered a data breach of my email address…and if so from whom. I thought it was o2 but it wasn’t them so I don’t know where the source of the leak is coming from.

I get no spam in my yahoo.co.uk account even in their junk mail folder yet I get loads in my hotmail…they are doing nothing about it and I have no way of contacting Hotmail. Fortunately most of it goes in my junk email folder but I am getting fed up with it now.