Sensitive personal information kept insufficiently secure.
“Thousands” of records.
The data controller realised that its own employees could access restricted information relating to patients.
Undertaking issued to ensure that technical security measures are adequate to ensure the security of data.
Reason for action
The data controller brought the matter to the attention of the Data Commissioner. Although this data was only accessible internally it was felt that this displayed inadequate security.
20 April 2011.