Statement by the IBTS about laptop stolen in New York

The IBTS yesterday (Tuesday 19th February 2008) confirmed that a laptop which contained securely encrypted IBTS data was stolen in New York on Thursday 7th February. The IBTS was notified on Friday, 8th February. This data was in New York, because we are upgrading the software that we use to analyse our data to provide a better service to donors, patients and the public service. To do this, we have engaged the services of the New York Blood Centre (NYBC), a public service blood bank, under a data protection and transfer agreement.

This agreement is in the form approved by the European Commission to facilitate the transfer of personal data. The agreement sets out details of the robust measures which the NYBC is required to take to ensure the security of such data.

Under the terms of that agreement, the IBTS exported on encrypted CD a selection of log files generated from transactions on its computer system, Progesa, to commence the building of the software application. The transaction files are generated when any modification is made to any record in Progesa and the relevant period was 2nd July 2007 to 11th October 2007 when 171,324 donor records and 3,294 patient blood group records were updated.

We are always aware of the potential for data loss and took all measures to ensure that state-of-the-art data encryption was used. The records were on a CD that was encrypted with a 256 bit encryption key. These records were transferred to a laptop and re-encrypted with an AES 256 bit encryption key. This represents one of the highest levels of security available and to our knowledge there is no record of a successful attack against this level of encryption.

The encrypted CD holding the records was handed over to personnel of NYBC in Ireland during the week beginning 3rd December 2007 and is retained by NYBC in a physically secure environment.

On the evening of Thursday, 7th February, an NYBC member of staff was mugged outside his home in New York and the laptop issued to him by the NYBC, containing these encrypted transaction log files was stolen. While the police have been notified and an investigation into the robbery is ongoing, the laptop has not been recovered.

The IBTS notified the Data Protection Commissioner on Monday 11th February.

The IBTS and NYBC are deeply concerned at the theft of the lap top computer. The IBTS is very conscious of its obligations under the Data Protection Acts and has always strived to be fully compliant with those obligations. We are writing to each donor affected by this incident to reassure them and to advise them of the possibility, however remote, that their personal data might be accessed. We expect these letters to be posted on Friday February 22nd.

We will also be writing to the hospitals and GPs who in turn will contact the patients concerned.

In the meantime, donors can contact us at the IBTS information line 1850 731 137.

ENDS

Name	Expires	Purpose
YSC	Session	Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
_ga	2 years	Google Analytics. Tells us how you use our websites. Used to ensure the website operates sufficiently for users.
_gat	1 minute	Google Analytics. Helps stop Google Analytics web servers crashing when collecting information on how you use our websites. Used to ensure the website operates sufficiently for users.
_gid	24 hours	Google Analytics. Sets a unique (anonymous) ID for your session to help tell us how you use our websites. Used to ensure the website operates sufficiently for users.
___utmvc	Session	This cookie enables the function of Google Analytics.
__utmz	6 months	Stores the traffic source or campaign that explains how the user reached your site.
__utmb	30 minutes	Used to determine new sessions/visits.
__utma	2 years	Used to distinguish users and sessions.
__utmt	10 minutes	Used to throttle request rate.

Name	Expires	Purpose
_fbp	3 months	Used by Facebook to deliver a series of advertisement products.
GPS	1 day	YouTube cookies which registers a unique ID on mobile devices to enable tracking based on geographical GPS location.
IDE	1 year	Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.
VISITOR_INFO1_LIVE	180 days	This cookie is set by Youtube to keep track of user preferences for Youtube videos embedded in sites; it can also determine whether the website visitor is using the new or old version of the Youtube interface.
test_cookie	1 year	This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies.

Statement by the IBTS about laptop stolen in New York

Can I Give Blood?

Find A Clinic

Before You Attend

Register Interest

About Cookies On This Site

Statement by the IBTS about laptop stolen in New York

Can I Give Blood?

Find A Clinic

Before You Attend

Register Interest

About Cookies On This Site

Cookie Settings

General Information

If enabled:

If disabled:

Strictly Necessary

Performance

Advertising