Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

HSE Data Breach

Options
  • 16-04-2019 2:26pm
    #1
    Jamie2k9
    Registered Users Posts: 10,671 ✭✭✭✭


    Informed personal info was lost on a bus recently however quickly recovered. They informed me by letter and informed Data Commissioner etc. Legally where do I stand as it contained lots of personal info.


Comments

  • Options
    #2
    MarkR
    Moderators, Regional Midwest Moderators Posts: 11,062 Mod ✭✭✭✭MarkR


    Was the data accessed? If for example, it was on an encrypted laptop, and was found and retrieved shortly later, then there should be no issue. If you're looking for some kind of monetary gain, I think you'd have to show there was some form of loss on your side


  • Options
    #3
    Seth Brundle
    Moderators, Politics Moderators Posts: 38,958 Mod ✭✭✭✭Seth Brundle


    From the sounds of your post, nothing was seen by any third parties which in itself is good.
    From what standpoint are you wondering on your rights: compensation? seeking better protection of your personal data through better operational practices (and making sure it can't be "left on the bus")? seeking removal of your personal data from the HSE systems?


  • Options
    #4
    Jamie2k9
    Registered Users Posts: 10,671 ✭✭✭✭Jamie2k9


    It was a list and occurred over a week after they left hospital. I am not the compo type of person nor seeking any but find it strange an inpatient was taken out of the hospital more than a week later.

    Member of public found it.


  • Options
    #5
    Seth Brundle
    Moderators, Politics Moderators Posts: 38,958 Mod ✭✭✭✭Seth Brundle


    I still don't follow.
    Jamie2k9 wrote: »
    It was a list and occurred over a week after they left hospital.
    1. Paper list or list in a digital format? If digital was it encrypted?
    What details were on the list (names or names and addresses and PPS numbers, etc.)?
    Were you identifiable from the data?
    2. "a week after they left hostpital" - you or the staff member?
    Jamie2k9 wrote: »
    I am not the compo type of person
    What are you seeking exactly from pursuing this further? Better procedures within the HSE with their customers' data?
    Jamie2k9 wrote: »
    but find it strange an inpatient was taken out of the hospital more than a week later
    I'm lost here. The patient was taken out of hospital? Or their data was removed a week later?


  • Options
    #6
    Jamie2k9
    Registered Users Posts: 10,671 ✭✭✭✭Jamie2k9


    Seth Brundle wrote: »
    I still don't follow.

    1. Paper list or list in a digital format? If digital was it encrypted?
    What details were on the list (names or names and addresses and PPS numbers, etc.)?
    Were you identifiable from the data?
    2. "a week after they left hostpital" - you or the staff member?


    What are you seeking exactly from pursuing this further? Better procedures within the HSE with their customers' data?


    I'm lost here. The patient was taken out of hospital? Or their data was removed a week later?

    1. The list was paper and contained name, add, date of birth, numbers, procedure info, discharge into etc

    2. Patent involved left hospital and this breach happened 10 days later.


  • Advertisement
  • Options
    #7
    Seth Brundle
    Moderators, Politics Moderators Posts: 38,958 Mod ✭✭✭✭Seth Brundle


    ok so a fair bit of private info there.
    So back to one of my previous questions, what are you seeking exactly from pursuing this further?
    Better procedures within the HSE with their customers' data?
    Disciplinary action against the HSE staff member?
    Money? (how were you affected by this that would justify compensation?)


  • Options
    #8
    Jamie2k9
    Registered Users Posts: 10,671 ✭✭✭✭Jamie2k9


    Seth Brundle wrote: »
    ok so a fair bit of private info there.
    So back to one of my previous questions, what are you seeking exactly from pursuing this further?
    Better procedures within the HSE with their customers' data?
    Disciplinary action against the HSE staff member?
    Money? (how were you affected by this that would justify compensation?)

    Better procedures and an explanation as to the long period between discharge and this happening. I cannot see why this info would have left the hospital. If it was from the same or previous day I could understand. Disciplinary is really dependent on an explanation. I have no interest in money.


  • Options
    #9
    Seth Brundle
    Moderators, Politics Moderators Posts: 38,958 Mod ✭✭✭✭Seth Brundle


    Any decisions or outcomes from any inquiry will be decided by the DPC's office (who you said were notified).
    Have a look at the following...

    Raising a concern with the commission
    Complaints handling, Investigations and Enforcement For Individuals


  • Options
    #10
    AndrewJRenko
    Registered Users Posts: 28,459 ✭✭✭✭AndrewJRenko


    Jamie2k9 wrote: »
    1. The list was paper and contained name, add, date of birth, numbers, procedure info, discharge into etc

    How on earth does this kind of list end up on a bus? Was this a public bus or private transport? Did they have any good reason to have that kind of information on a bus?


  • Options
    #11
    Seth Brundle
    Moderators, Politics Moderators Posts: 38,958 Mod ✭✭✭✭Seth Brundle


    I suspect that kind of detail won't be released.


  • Advertisement
  • Options
    #12
    Mrs OBumble
    Registered Users Posts: 25,710 ✭✭✭✭Mrs OBumble


    AndrewJRenko wrote: »
    How on earth does this kind of list end up on a bus? Was this a public bus or private transport? Did they have any good reason to have that kind of information on a bus?

    Pure speculation:

    Shuttle bus between hospital campuses.
    Being used in a research project by a student.


    OP, 10 days after discharge is not a long time. Your data will be held on file for as long as the hospital has your records. I'd expect that to be until your death plus a bit.


  • Options
    #13
    usernamegoes
    Registered Users Posts: 901 ✭✭✭usernamegoes


    MarkR wrote: »
    Was the data accessed? If for example, it was on an encrypted laptop, and was found and retrieved shortly later, then there should be no issue. If you're looking for some kind of monetary gain, I think you'd have to show there was some form of loss on your side

    Material or non-material damage is how GDPR phrases it.


  • Options
    #14
    Bazzy
    Registered Users Posts: 1,484 ✭✭✭Bazzy


    I have to attend various units in the health services for work

    Everytime I go into one of the units that days listing is sellotaped to the counter and they highlight people off as they arrive

    Name address DOB etc

    Always thought it was a bit odd


  • Options
    #15
    Credit Checker Moose
    Closed Accounts Posts: 1,226 ✭✭✭Credit Checker Moose


    usernamegoes wrote: »
    Material or non-material damage is how GDPR phrases it.
    There is no need to demonstrate any actual loss. Data breach is enough to incur damages.


  • Options
    #16
    uck51js9zml2yt
    Closed Accounts Posts: 18,268 ✭✭✭✭uck51js9zml2yt


    usernamegoes wrote: »
    Material or non-material damage is how GDPR phrases it.

    The DPC does not adjudicate on monetary compensation. It's s legal issue.


  • Options
    #17
    usernamegoes
    Registered Users Posts: 901 ✭✭✭usernamegoes


    Corey Straight Ranch wrote: »
    The DPC does not adjudicate on monetary compensation. It's s legal issue.

    That is correct. Circuit Court or High Court I think


  • Options
    #18
    AndrewJRenko
    Registered Users Posts: 28,459 ✭✭✭✭AndrewJRenko


    Mrs OBumble wrote: »
    Pure speculation:

    Shuttle bus between hospital campuses.
    Being used in a research project by a student.
    Yeah, I was thinking of something like that myself. In fairness, that's not quite as outrageous as someone leaving files on a public bus. It would interesting to know whether the bus was public or private.


  • Options
    #19
    Jamie2k9
    Registered Users Posts: 10,671 ✭✭✭✭Jamie2k9


    AndrewJRenko wrote: »
    Yeah, I was thinking of something like that myself. In fairness, that's not quite as outrageous as someone leaving files on a public bus. It would interesting to know whether the bus was public or private.

    The files were found on a Bus Éireann bus by the driver. It happened at UHW.


  • Options
    #20
    AndrewJRenko
    Registered Users Posts: 28,459 ✭✭✭✭AndrewJRenko


    Jamie2k9 wrote: »
    The files were found on a Bus Éireann bus by the driver. It happened at UHW.

    That's particularly outrageous. It is hard to think of any legitimate scenario for anyone to be carrying such files on a public bus.


Advertisement