Share

Related Links

Related Stories

Top 5 Stories

News

ICO finds NHS Liverpool Community Health breached Data Protection Act

12 April 2011

The medical history of 31 children and their mothers was lost by NHS Liverpool Community Health during a premises move in October last year.

The Information Commissioner's Office said Liverpool NHS breached the Data Protection Act as it had no formal contract in place with the removal company to handle personal data - a requirement of the Data Protection Act - and had no process in place to ensure personal data was kept secure throughout the move.

In a separate incident the Information Commissioner's Office (ICO) has also found the Council for Healthcare Regulatory Excellence in breach of the Data Protection Act after the possible loss of documents from complaint review files containing personal data - but the organisation cannot be certain if the information was received, lost or destroyed.

Sally Anne Poole, enforcement head at the ICO, said: "These incidents highlight significant weaknesses in both organisations' data handling procedures. These incidents should act as a warning to other organisations who handle sensitive papers of the need to make sure their paper records management processes are as robust as their electronic data systems. The protection of data in all formats must be taken seriously," she said.

Bernie Cuthel, CEO of NHS Liverpool Community Health, has signed a formal undertaking to ensure a written contract will always be in place with any third parties responsible for handling personal data on the organisation's behalf and that clear policies and procedures will be put in place to support staff when moving office.

Harry Cayton, head of the Council for Healthcare Regulatory Excellence (CHRE), has signed a formal undertaking ensuring that all future information containing personal data sent between the data controller and regulators is adequately protected and that the authority's existing pilot system for the logging and filing of documentation is implemented permanently.

Just last week the City of York Council also breached the Data Protection Act after disclosing personal data following a printer mix-up.

This story was first published by Computer Weekly

This article is featured in:
Compliance and Policy  •  Data Loss  •  Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×