Human resources at a click
Login
0

NHS Trust fined £180,000 over data protection breach

  • HR Article
  • Data Protection
data-html-coding-on-computer-screen

The Information Commissioner’s Office (ICO) have fined Chelsea and Westminster Hospital NHS Foundation Trust £180,000 after it revealed the email addresses of 781 users of an HIV service. Patients using the HIV service were sent a newsletter which mistakenly included all recipients email addresses in the ‘to’ field instead of the ‘bcc’ field.  730 of the email addresses displayed contained full names.  The ICO found that this amounted to a serious breach of the Data Protection Act 1998 and that it was likely to cause substantial distress as recipients of the e-mails could infer the HIV status of the other recipients.  In addition to the information being confidential sensitive personal data, the ICO was conscious that, due to the small geographical area the Trust serviced, the individuals may well have known each other.

The Trust had made a similar mistake in 2010 and, although some steps were taken then to prevent reoccurrence, the ICO found that no specific training had been implemented following that breach.

Chambers and Partners

The Clarkslegal team are commercial and good to work with. They get what our business needs and tell me what I need to hear.

Employers should ensure that they have adequate training in place on data protection obligations and staff should be reminded of the care that needs to be taken when sending group emails, particularly, when this may reveal sensitive information about those involved such as their health.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking professional and legal advice. Please refer to the full General Notices on our website.

Monica Atwal
Monica Atwal
Managing Partner

Related Articles

View all
Can a dismissal be fair without an appeal hearing
  • Data Protection

Use of Personal Devices at Work: Why a Bring Your Own Device Policy is Essential

If you have employees who bring their own devices into the workplace and use said devices to deal with company...

White office with computer and office chair
  • Data Protection

Update on the Data (Use and Access) Bill

In our article, Data Use and Access Bill – how will it impact business and their dealings with Data Protection,...

CCTV cameras on a grey wall
  • Data Protection

Can an employer monitor employees at work?

Can an employer lawfully monitor their employee, without their knowledge, if they suspect wrongdoing? Can employers monitor employees? It’s worth...

Related Resources

View all

Bring your own device policy

This policy covers the use of employees’ own devices (e.g. smartphone, tablet, laptop) for companybusiness. This policy applies to the...

  • Policies
  • Data Protection

Monitoring policy

This monitoring policy provides a brief overview of how a company should approach monitoring in the workplace. Employees and other...

  • Policies
  • Data Protection

Data Protection – An Overview

This factsheet provides and brief overview of data protection legislation. Introduction Data Protection legislation aims to protect and safeguard individual’s...

  • Factsheets
  • Data Protection, Free Downloads

Not a member? Start your membership today!

Sign up
HR Services
Insights
Employmentbuddy
Contact us
Follow us
Find us
London

5th Floor, Chancery House, 
53-64 Chancery Lane, London
WC2A 1QS

Reading

5th Floor, Thames Tower,
Station Road, Reading
RG1 1LX

Find us
London

41-44 Great Queen Street,
London, WC2B 5AD

Reading

5th Floor, Thames Tower,
Station Road, Reading RG1 1LX

Follow us
Clarkslegal is a limited liability partnership registered in England and Wales. Registered number OC308349. Regulated by the Solicitors Regulation Authority (SRA no. 403601)
Human resources at a click
Login