ICO hit NHS with a £90,000 fine

The Central London Community Healthcare NHS Trust has become the latest victim of the Information Commissioners Office (ICO) who has imposed an eye watering £90,000 fine after a series of breaches of the Data Protection Act was eventually brought to their attention.

The data breach occurred over a three month period where roughly 45 faxes which contained confidential data belonging to patients were accidentally sent to the wrong person. The Central London Community Healthcare NHS Trust meant to fax the patient lists to St John’s Hospice. These patient lists contained information which related to 59 people and their diagnoses, their domestic situation and resuscitation instructions.

After a three month period of receiving these patient lists, the individual who had been receiving them eventually told Blighty’s health service. The individual stated that they have been receiving these patient lists and that they had shredded them to ensure that the information didn’t go any further.

ICO head of enforcement Stephen Eckersley has commented on this case. Eckersley stated, “Patients rely on the NHS to keep their details safe. In this case Central London Community Healthcare NHS Trust failed to keep their patients sensitive information secure. The fact that this information was sent to the wrong recipient for three months without anyone noticing makes this case all the more worrying.”

This is the latest case where the ICO have had to conduct an investigation because of a number of errors. Firstly, The Central London Community Healthcare NHS Trust didn’t have stringent enough measures in place to stop such an error occurring. Secondly, the staff hadn’t been adequately trained on data protection. These two factors combined are the main reason for the ICO imposing the hefty fine.

The trend of confidential data being compromised by people working in the public sector is set to continue as it is very evident that there are still members of staff who haven’t been appropriately trained on data protection. Yet again, this case suggests that we are still acting reactively and not proactively. The need for more stringent measures to be implemented and all members of staff to be adequately trained in data protection is increasing day by day as the implications become more severe if appropriate measures are not in place.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal