Monthly Archives: October 2010

Portsmouth City Council

Posted on by

What

Inappropriate disclosure of personal information.

How much

One record.

Why

Third-party data related to an individual was inappropriately released due to a SAR request.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all individuals dealing with SARS receive sufficient training and guidance.

Reason for action

It transpired that the individual tasked with redacting data for this type of request was neither an employee of the data controller nor acting under process as a data processor. It was also revealed the guidance and checking of these processes was inadequate.

When

19 October 2010

Links

View PDF of the Portsmouth City Council Undertaking (Via ICO Website)

View PDF of the Portsmouth City Council Undertaking (Breach Watch Archive)

Lord Chief Justice of Northern Ireland

Posted on by

What

Inappropriate disclosure of personal information.

How much

One record.

Why

A document containing an individual’s name and address was inadvertently attached to an email and sent to over three hundred individuals.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that all staff are made aware of and are appropriately trained in procedures for distributing emails and adequate checks are carried out.

Reason for action

Although staff had received advice and training on data protection issues in general there was no written guidance or instructions on how to deal with this type of work.

When

19 October 2010

Links

View PDF of the Lord Chief Justice of Northern Ireland Undertaking (Via ICO Website)

View PDF of the Lord Chief Justice of Northern Ireland Undertaking (Breach Watch Archive)

North West London Hospitals NHS Trust

Posted on by

What

Loss of sensitive personal information .

How much

56 records.

Why

A computer printout containing patient information was left in a general folder used for auditing that was accidently left on a tube train.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that psuedonymisation techniques are used where individual identification of patients is needed for audit work.

Reason for action

Although much audit work is carried out at home there was no need for this computer print out to contain the genuine identities of patients.

When

14 October 2010

Links

View PDF of the North West London Hospitals NHS Trust Undertaking (Via ICO Website)

View PDF of the North West London Hospitals NHS Trust Undertaking (Breach Watch Archive)

Healthcare Locums PLC (HCL)

Posted on by

What

Loss of personal information .

How much

Unknown.

Why

A Network Storage device containing records relating to doctors employed by the data controller was lost or stolen in transit during a move and was sold on eBay. It was eventually recovered.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that contracts are put in place between the Data controller and any contractors it uses to process personal data on its behalf, who must be sufficiently checked. Sufficient physical security measures must be implemented and records of data contained on physical media must be kept.

Reason for action

Neither the network storage device or the personal data contained within it were encrypted. No inventory of equipment being transported was taken and therefore the loss/theft of the device went unnoticed until the eBay buyer contacted the Data controller.

When

14 October 2010

Links

View PDF of the Healthcare Locums PLC Undertaking (Via ICO Website)

View PDF of the Healthcare Locums PLC Undertaking (Breach Watch Archive)