News broke today that the University of East Anglia in Norwich accidentally leaked an employee’s confidential and sensitive health information in a mass email sent to hundreds of postgraduate research students. The email, which included the personal health information of a member of staff, was sent on Sunday afternoon (5 November) to about 300 students in the social science faculty. Andrew Clarke, EMEA Director at One Identity, commented below.
“Throughout 2017, we have seen a dramatic increase in the number of data breaches – either malicious or through accidental actions. When personal information is released it is harder to recover the situation, unlike in a case where a credit card is compromised and the card can just be replaced. One of the primary factors where organisations fall short is by not making security part of their everyday operations. Through experience we know that security is a continual process and goes beyond the basics of installing a firewall or an AV tool. With the fast-changing world that we live in, and changes brought about by digital transformation, security has to be embraced by the overall business and consideration to all activities with respect to security. Questions to be asked such as “How do we provision new users?”; “What applications are users allowed to access?”; “What is the process to change access rights when a change of job occurs?”; “What controls are in place for administrators and remote contractors?” and “Who is allowed to access specific data records?” – will go a long way to addressing this situation. In the case of UEA, questions that determine how a person accesses an employee’s confidential and sensitive health information will be a step in the right direction to avoid a repeat of such an accidental case of attaching to an outbound email. Identity & Access Management coupled with Data Governance tools are the right way to get this addressed.”