Category Archives: Public sector

Kirklees Metropolitan Council

Posted on by

What

Personal data unnecessarily disclosed.

How much

18 records.

Why

Records let visible in an employees’ car.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that sufficient security measures are implemented and checked to prevent inappropriate disclosure of personal data.

Reason for action

Similar accidental disclosures had already occurred during the past year and insufficient measures had been put into place to prevent any reoccurrences.

When

29 July 2011.

Links

View PDF of the Kirklees Metropolitan Council Undertaking (Via ICO Website)

View PDF of the Kirklees Metropolitan Council Undertaking (Breach Watch Archive)

University of York

Posted on by

What

Loss of personal data.

How much

148 records.

Why

Failure to close a test area on the University’s website that contained student records.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that university IT staff ensure the appropriate security of all data following maintenance.

Reason for action

Insufficient managerial control was in place to ensure that the test version of the database was deleted.

When

20 July 2011.

Links

View PDF of the University of York Undertaking (Via ICO Website)

View PDF of the University of York Undertaking (Breach Watch)

Lancashire Police Authority

Posted on by

What

Loss of sensitive personal data.

How much

Unknown.

Why

Sensitive personal data was accidentally published on the data controller’s website.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that sufficient training and security measures are put into place to prevent accidental disclosure of sensitive data.

Reason for action

The data controller was insufficiently familiar with the relatively new system being used to publish their website and failed to take immediate action having been made aware of the error.

When

19 July 2011.

Links

View PDF of the Lancashire Police Authority Undertaking (Via ICO Website)

View PDF of the Lancashire Police Authority Undertaking (Breach Watch Archive)

Northamptonshire Healthcare NHS Foundation Trust

Posted on by

What

Loss of sensitive personal data on two occasions.

How much

One record.

Why

A patient’s records had not been indexed.

Regulator

ICO

Regulatory action

Undertaking issued to ensure sufficient measures are put into place for the storage and security of physical records.

Reason for action

Not all records held by the data controller were indexed.

When

18 July 2011.

Links

View PDF of the Northamptonshire Healthcare NHS Foundation Trust Undertaking (Via ICO Website)

View PDF of the Northamptonshire Healthcare NHS Foundation Trust Undertaking (Breach Watch Archive)

Lancashire Teaching Hospitals NHS Foundation Trust

Posted on by

What

Loss of sensitive personal data.

How much

Two records.

Why

Sensitive personal information was mistakenly faxed to a member of the public on several occasions.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that staff are made aware of the organisations policies regarding the use and storage of sensitive data and its security.

Reason for action

The wrong number was mistakenly inserted into the fax machine.

When

1 July 2011.

Links

View PDF of the Lancashire Teaching Hospitals NHS Foundation Trust Undertaking (Via ICO Website)

View PDF of the Lancashire Teaching Hospitals NHS Foundation Trust Undertaking (Via Breach Watch Archive)

Basildon and Thurrock University Hospitals NHS Foundation Trust

Posted on by

What

Loss of sensitive personal data.

How much

One record.

Why

Faxes were incorrectly sent to the wrong recipient over a period  of at least a year.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that records are transmitted to GPs in a more secure manner and a ring ahead procedure is implemented.

Reason for action

The Fax was intended for the patient’s GP, but the wrong Fax number was recorded.

When

01 July 2011.

Links

View PDF of the Basildon and Thurrock University Hospitals NHS Foundation Trust Undertaking (Via ICO Website)

View PDF of the Basildon and Thurrock University Hospitals NHS Foundation Trust Undertaking (Breach Watch Archive)

Dunelm Medical Practice

Posted on by

What

Loss of sensitive personal data.

How much

Two records.

Why

Two patient discharge letters were mistakenly sent to an unrelated third party organisation.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that Electronic Discharge letters are only sent by secure email, where possible and that staff are suitably trained.

Reason for action

Records were transmitted by fax and incorrect numbers were used.

When

01 July 2011.

Links

View PDF of the Dunelm Medical Practice Undertaking (Via ICO Website)

View PDF of the Dunelm Medical Practice Undertaking (Breach Watch Archive)

East Midlands Ambulance Service NHS Trust

Posted on by

What

Loss of sensitive personal data.

How much

One record.

Why

Information relating to a patient was mistakenly faxed to the wrong recipient.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that staff are sufficiently trained in the usage of and policies relating to the fax machine.

Reason for action

The wrong number was mistakenly inserted into the fax machine.

When

01 July 2011.

Links

View PDF of the East Midlands Ambulance Service NHS Trust Undertaking (Via ICO Website)

View PDF of the East Midlands Ambulance Service NHS Trust Undertaking (Breach Watch Archive)

The Ipswitch Hospital NHS Trust

Posted on by

What

Loss of sensitive personal data.

How much

29 records.

Why

A member of staff lost patient’s records in a public place.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that personal data is kept sufficiently secure and that staff are made aware that the removal of such data without clearance is unacceptable.

Reason for action

The member of staff had recently joined the organisation and received no information governance training. This followed a similar loss of data the previous year.

When

01 July 2011.

Links

View PDF of the Ipswitch Hospital NHS Trust Undertaking (Via ICO Website)

View PDF of the Ipswitch Hospital NHS Trust Undertaking (Breach Watch Archive)

Surbiton Children’s Central Nursery

Posted on by

What

Loss of personal data.

How much

21 records

Why

A teacher’s bag was stolen containing an unencrypted memory stick and paperwork.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that portable data devices are encrypted  and that staff only take data off site when absolutely necessary.

Reason for action

The memory stick, containing personal data, was unencrypted.

When

14 June 2011.

Links

View PDF of the Surbiton Children’s Central Nursery Undertaking (Via ICO Website)

View PDF of the Surbiton Children’s Central Nursery Undertaking (Breach Watch Archive)