Tag: ICO

Serious data breach in HIV clinic in London

11. May 2016

A clinic in London has been fined 180,000 GBP due to a “serious data breach”. The clinic offered a service that let HIV patients receive newsletters and test results and make appointments via email. It sent an email newsletter to 781 of its patients with all patient email addresses in the “To” field and not in the “Bcc” field. 730 of the email addresses included the full names of the patients. The newsletter was used to inform the patients about sexual health services and general treatment details. The Information Commissioner's Office (ICO) said, “the breach caused a great deal of upset to the people affected”. Information about the health or sexual life of a person is considered to be sensitive personal data and should be protected specifically. Chelsea and Westminster Hospital NHS Foundation Trust, which runs the clinic, has been fined 180,000 GBP. The ICO investigation discovered that a similar error had already happened in March 2010. Although some remedial measures were taken at that time, no specific training had taken place since then.

UK’s Information Commissioner demands prison penalties for serious data offences

22. July 2013

Information Commissioner Christopher Graham said that people who misuse personal information should face tougher penalties, including the threat of prison in the most serious cases.

The Information Commissioner referred to a case in which a former manager of a health service based at a council-run leisure centre was prosecuted by the Information Commissioner’s Office for unlawfully obtaining sensitive medical information belonging to more than 2,000 people. The manager used the information, which he had sent to his personal email account, to approach patients to advertise a similar service he had set up.

The manager was prosecuted under section 55 of the Data Protection Act and fined £3,000. He was also ordered to pay a £15 victim surcharge and £1,376.50 prosecution costs.

Mr. Graham issued the following statement:

“Nobody expects that their health records will be taken and used in this way. The manager [name removed] had been told about the need to keep patients’ details confidential, but he decided to break the law to benefit his new business. At very least, behaviour of this kind should be recognised as a ‘recordable offence’ which it isn’t now. For the most serious cases the current ‘fine only’ regime will not deter and other options including the threat of prison should be available. The necessary legislation for this is already on the statute book but needs to be activated. The government must ensure that criminals do not see committing data theft as a victimless crime and worth the risk.”

Category: UK