Health & Care Professions Council

Breach details

What Documents containing personal data relating to a ‘fitness to practice’ hearing.
How much An unknown number of documents.
When 2011.
Why A suitcase containing documents relating to a ‘fitness to practice’ hearing was stolen from a train. The solicitors who had prepared these documents had not signed a contract to act only under instruction from the Data Controller, and had not been provided with specific guidance on the redaction of these documents for hearings.

BW Comments

It is strange the the ICO highlights the lack of an adequate contract between the Data Controller and their solicitor. Surely the normal contract of engagement between a client and solicitor would provide the necessary requirements of confidentiality and that the solicitor should only act on the client’s instructions?

Regulatory action

Regulator ICO
Action Undertaking to comply with the seventh data protection principle.
When 09 July 2013.
Details The Data Controller is to immediately enter into a contract with its solicitors and issue instructions regarding the processing of personal data. In addition, agents and contractors given access to personal data are to be provided with specific guidance around data security; compliance with policies on data protection is to be regularly monitored; and security measures are to be implemented to protect personal data.