Nursing council fined £150,000

  • 15 February 2013
Nursing council fined £150,000
The Information Commissioner’s Office will not take regulatory action over NHS Digital/

The Nursing and Midwifery Council has been fined £150,000 for breaching the Data Protection Act.

The case is the first time a professional body has been fined by the Information Commissioner’s Office.

The council lost three DVDs related to a nurse’s misconduct hearing, which contained confidential personal information and evidence from two vulnerable children.

The council had been couriering evidence relating to a ‘fitness to practise’ case to the hearing venue when the discs disappeared and were never recovered.

An ICO investigation found the information was not encrypted.

David Smith, ICO director of data protection, said the council had no policy on how the discs should be handled, and so no thought was given as to whether they should be encrypted before being couriered.

“Had that simple step been taken, the information would have remained secure and we would not have had to issue this penalty,” he said.

The ICO said the case highlighted the need for organisations to review their policies on how personal data was handled.

Smith said the ICO was seeing cases of personal data being mishandled “again and again”.

“While many organisations are aware of the need to keep sensitive paper records secure, they forget that personal data comes in many forms, including audio and video images, all of which must be adequately protected,” he said.

“I would urge organisations to take the time today to check their policy on how personal information is handled. Is the policy robust? Does it cover audio and video files containing personal information? And is it being followed in every case?

“If the answer to any of those questions is no, then the organisation risks a data breach that damages public trust and a possible weighty monetary penalty.”

 

 

 

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Advanced fined £6m over stolen patient data in 2022 cyber attack

Advanced fined £6m over stolen patient data in 2022 cyber attack

The Information Commissioner’s Office has imposed a £6.09m fine on Advanced for failing to protect personal information during a cyber attack.
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing today includes UK healthcare operations software provider Agilio acquiring PraQties, and a digital tool to determine eligibility for NHS-funded IVF…
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing today includes the good news that surfing the web can improve your wellbeing and NHSE research into cyberattacks.