More evidence that the Information Commissioner’s Office (ICO) is prepared to clamp down on breaches of the Data Protection Act.
This month the ICO issued a penalty of £60,000 to St George’s Healthcare NHS Trust in London after a vulnerable individual’s sensitive medical details were sent to the wrong address.
This follows fines last month of £325,000 and £225,000 for Brighton and Sussex University Hospitals NHS Trust and the Belfast Health and Social Care Trust respectively for serious breaches of the Act.
All organisations holding or using personal data are required to comply with the Data Protection Act, two key requirements of which are to use personal data fairly and lawfully (i.e. organisations must make sure that individuals understand how their personal data will be used) and to keep personal data secure. Breach of the Act can result in a fine of up to £500,000.
Given the possible consequences, it is clearly important that all organisations take their data protection obligations seriously.
For further advice please contact us at firstname.lastname@example.org