UK—ICO issues monetary penalty to a Welsh health board
Published
Contributors:
Leonie Power
AIGP, CIPP/E, CIPM, FIP
Partner, Privacy and Information
Fieldfisher
The Information Commissioner’s Office (ICO) has issued a monetary penalty of £70,000 to a Welsh health board following an incident in March last year in which a patient's health details ended up in the wrong hands.
The ICO found that the staff members involved in the data breach had not received data protection training and that adequate procedures were not in place to ensure that the information was not misdirected.
The health board is the first National Health Service (NHS) organization to be served with a monetary penalty. The ICO drew attention to the sensitive nature of information held by the health service and called on NHS organizations to take notice of its decision in order to avoid future enforcement action.
The ICO found that the staff members involved in the data breach had not received data protection training and that adequate procedures were not in place to ensure that the information was not misdirected.
The health board is the first National Health Service (NHS) organization to be served with a monetary penalty. The ICO drew attention to the sensitive nature of information held by the health service and called on NHS organizations to take notice of its decision in order to avoid future enforcement action.
Contributors:
Leonie Power
AIGP, CIPP/E, CIPM, FIP
Partner, Privacy and Information
Fieldfisher
