What

Sensitive personal information kept insufficiently secure.

How much

“Thousands” of records.

Why

The data controller realised that its own employees could access restricted information relating to patients.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that technical security measures are adequate to ensure the security of data.

Reason for action

The data controller brought the matter to the attention of the Data Commissioner. Although this data was only accessible internally it was felt that this displayed inadequate security.

When

20 April 2011.

Links

View PDF of the NHS Birmingham East and North Undertaking (Via ICO Website)

View PDF of the NHS Birmingham East and North Undertaking (Breach Watch Archive)

FCA/FSA (7)	£ 7,777,000
ICO DPA (55)	£ 5,573,500