Clinic fined after massive abortion file leak
The blunder took place because the employee accidentally put 11,000 records on an internet-sharing programme.25 April 2008
BILBAO - Spain's Data Protection Agency has fined a medical centre in Bilbao EUR 150,000 after an employee accidentally disclosed the medical records of 11,000 patients on an internet file-sharing programne.
The records include details of 4,000 women who underwent abortions at the Lasaitasuna clinic and are therefore of an exceptionally sensitive nature.
"This is an inexcusable mistake on the part of the medical centre, which did not have adequate security measures in place to prevent a leak of this nature," Artemi Rallo, the director of the Data Protection Agency, said.
The agency traced the source of the leak to an employee's laptop on which the file-sharing programme eMule had been installed, apparently with the intention of downloading music from the internet.
However, the employee mistakenly made public files on the computer's hard drive containing the medical records, allowing anyone on the file-sharing network to obtain them.
"We have to urge all companies, hospitals, banks and schools to take greater care and revise their security systems," Rallo said.
"We need an active policy to train and increase the awareness of citizens" to data security, he added. The Data Protection Agency is currently investigating 16 more similar cases of unlawful information disclosure by companies and organisations.
[El Pais / Monica C. Belaza / Expatica]