Inappropriate processing of personal data
The personal details of junior doctors held on the Medical Training Application Service (MTAS) website was readily accessible to any person accessing the website.
Undertaking issued to ensure that sensitive personal data held on the website must be encrypted. Instructions and advice as to the use of passwords and PIN numbers be given to the data controller to those entitled to access the site. Staff will be given appropriate training and regular penetration and vulnerability testing of developing applications and systems to minimise unauthorised access.
Reason for action
The ICO had received a complaint about the data controller’s breach of the Seventh Data Protection Principle.
4 December 2007
View PDF of the Department of Health Undertaking (Breach Watch Archive)