UK Information Commissioner’s Office fines HCA International Ltd for failing to keep fertility patient personal information secure

March 5, 2017

Health records are among the most sensitive of information. Information about a person’s fertility treatment is an even more sensitive category again. It is not surprising that when there is a failure to keep such data secure the regulator would take a strong line. At least in the United Kingdom. In Australia, the regulator has not yet taken a strong line on anything of substance.

The UK Information Commissioner’s Office (the “ICO”) fined HCA International Ltd (“HCA”) £200,000 for failing to keep records secure. The problem stemmed from Read the rest of this entry »

UK Information Commissioner takes issue with London Borough of Ealing for losing court documents in a public street

November 18, 2016

The facts were almost comical.  In February this year a harried social worker gets to her car with a bundle of court documents under her arm.  To get to her keys she puts the documents on the roof of the car.  She opens the door and hops into the car and drives off to her next appointment.  The court documents disappear into the Read the rest of this entry »

A UK Historical Society fined for data breach by the Information Commissioner’s Office

November 14, 2016

Data breaches through lost or stolen laptops or other BYODs (bring your own devices) are quite common. Unlike with lost paper documents, it is possible to lose a significant amount of data held in digital form. Which is what happened to a Historical Society recently. The Information Commissioner has issued a Monetary Penalty Notice, fining the Historical Society £500.

The media release Read the rest of this entry »

UK Information Commissioner hits TalkTalk with a record fine for data security failures

October 9, 2016

The UK Information Commissioner has issued TalkTalk with a £400,000 fine for its failure to provide adequate security, which resulted in the catastrophic data breach at TalkTalk in October last year. The ICO can issue a maximum fine of £500,000.

The breach resulted in personal data of 156,959 customers and the bank account details of Read the rest of this entry »

Information Commissioner’s Office fines a Northern Ireland nursing home for breach of data security

August 28, 2016

A perennial problem in data security is staff taking data off site on laptops and bring your own devices, usually USB sticks. The problem is more than the removal of the data off site, though that can be, and is, a real challenge in data management. The significant issue is ensuring data is secure when it is off site.

The Information Commissioner’s Office (the “ICO”) has issued a Monetary Penalty Notice, fining a nursing home in County Antrim, Northern Ireland, £15,000 for failing to secure sensitive personal data.  The breach occurred Read the rest of this entry »

Hampshire County Council fined for leaving files with personal details in a disused building

August 24, 2016

Document management is the bane of many organisations.  Take that issue and put it on steroids and that is the scale of the potential disaster that awaits a breakdown in handling personal information.  Government agencies collect a large amount of personal information and are geared towards keeping detailed files.  That means a large volume of documentation.

The Hampshire County Council has been fined £100,000 after 45 bags of confidential waste were found in a disused building. The documents contained sensitive information about adults and children in vulnerable situations.

It is a case of a failure to Read the rest of this entry »

UK Information Commissioner fines Chief Constable of Dyfed-Powys Police for significant data breach

June 10, 2016

Poor data handling policies can lead to very embarrassing outcomes, particularly when they result in the use of emails to transmit sensitive information, a common form of data breach. A police officer at Dyfed-Powys used the internal email system on 18 June 2015 to send emails to five internal recipients. One of the emails contained a list of 8 registered sex offenders in Powys including their names, addresses, telephone numbers and email addresses.

The officer sent the email to a person outside the police service, in other words, outside the internal email system.  The recipient was a member of a community scheme, who notified the police of the error.

The Information Commissioner found that Read the rest of this entry »

Information Commissioner prosecuting ex-employee for taking personal information from previous place of work

May 27, 2016

It is quite common for equitable claims for breach of confidence to relate to private commercial information being taken by ex-employees to be used by competitors. A new take is Read the rest of this entry »

Information Commissioner’s Office fines Blackpool Teaching Hospital Trust for posting private details of over 6,000 of its staff members on its website

May 15, 2016

The Information Commissioner’s Office (the “ICO”) has imposed another swingeing fine for a breach of the Data Protection Act, on this occasion for an NHS Trust publishing the national insurance numbers, dates of birth, religious beliefs and sexual orientation of 6,574 members of its staff on its website. As a result the Blackpool Teaching Hospitals NHS Foundation Trust has been fined £185,000. While the breach was egregious it was inadvertent. Even so, the distinction between inadvertent and deliberate goes more to penalty rather than Read the rest of this entry »

UK Information Commissioner slaps enforcement notice on West Dunbartonshire Council for not having proper data protection training

May 1, 2016

One of the biggest challenges in privacy and data protection is having staff who use the data properly trained and applying that training properly. Having Read the rest of this entry »