Northern Health and Social Care Trust

Breach details

What Personal data including information on physical or mental health.
How much An unknown number of incidents including the faxing of confidential service user information to the wrong recipient and the inappropriate disclosure of personal data to professionals working with the Trust.
When An unknown period, dating to at least May 2011.
Why A number of security incidents led to the Commissioner’s investigation into the Trust. It was discovered that most of the staff involved in these incidents had not received the supposedly mandatory Information Governance training, and the Trust failed to monitor and enforce staff completion of training. This led to staff being unaware of Information Governance policies.

Regulatory action

Regulator ICO
Action Undertaking to comply with the seventh data protection principle.
When 13 August 2013.
Details From the date of this undertaking staff are to be made aware of policies regarding the storage and use of personal data and are given appropriate training in this and in dealing with security breaches. Measures should be put in place to ensure that staff attend all mandatory training. In addition, portable devices used to store personal data must be encrypted.