Confidential medical data found abandoned on campus

Names, addresses and sensitive information discovered in unlocked filing cabinet at University of Bedfordshire

August 25, 2015
Confidential documents locked with padlock and chain

The University of Bedfordshire has launched a review after confidential medical data from teenage research participants was found abandoned in an unlocked filing cabinet.

Folders containing adolescents’ names, addresses, stages of puberty and other details were discovered during a clear-out of offices at Bedfordshire’s Luton campus in July, according to a source at the university.

Details of about 50 research participants had been left unsecured in a public office for more than two years following a research project in 2012, the source said. The files contained participants’ doctor’s details, as well as information about their percentage of body fat and diet.

The university quickly secured the files after being told that they were not under lock and key, the source said, but seemed unaware that the data had been there in the first place.

The research, which looked at differences in body fat distribution between different ethnic groups, was carried out in collaboration with Luton and Dunstable Hospital NHS Trust.

Concerns over the release of confidential medical data have grown in recent years, with a report in 2014 finding that there had been more than 7,000 incidents of data being either stolen or accidentally released since 2011.

In response to these concerns, earlier this year the Information Commissioner’s Office was given the right to force public healthcare organisations to carry out a compulsory audit of their data protection procedures.

No such power exists over universities, but the ICO can investigate those believed to be in breach of the Data Protection Act, and can fine institutions up to £500,000 for serious violations.

A spokeswoman for the university said in a statement: “The University of Bedfordshire can confirm some participant data, from a research project in 2012, that was found to be inappropriately stored was quickly and fully secured.

“A review has begun into why the university’s procedures for the oversight and security of data storage were not followed on this occasion. The staff involved with the project left the university some time ago. It would not be appropriate to comment further until this review has been carried out,” she said. 

david.matthews@tesglobal.com

POSTSCRIPT:

Print headline: Confidential medical data abandoned on campus

Register to continue

Why register?

  • Registration is free and only takes a moment
  • Once registered, you can read 3 articles a month
  • Sign up for our newsletter
Register
Please Login or Register to read this article.

Related articles

Sponsored