Royal Cornwall Hospitals NHS Trust rapped by ICO over subject access request breaches

News by SC Staff

The Royal Cornwall Hospitals NHS Trust breached the Data Protection Act by disclosing third-party personal data on two occasions, according to the Information Commissioner's Office (ICO).

The Royal Cornwall Hospitals NHS Trust breached the Data Protection Act by disclosing third-party personal data on two occasions, according to the Information Commissioner's Office (ICO).

The ICO said that the first breach happened in July 2010 when an individual received another person's information following a subject access request for information held about them.

Also in December 2010, the same requester made a second subject access response that again contained third party information.

Acting head of enforcement at the ICO, Sally-Anne Poole, said: “More and more people today want to find out exactly what information their GP or hospital holds about them, making subject access requests an increasingly popular tool.

“However, just because staff are busy with requests, this does not mean they can stop doing adequate checks before information is sent out. I am pleased that Royal Cornwall Hospitals NHS Trust has agreed to take the necessary steps to make sure this sort of incident doesn't happen again.”

Peter Colclough, chief executive of Royal Cornwall Hospitals NHS Trust, has signed an undertaking to ensure that procedures for dealing with subject access requests are clearly defined and managed and that all staff receive appropriate training and support in how to follow them.

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike