Clarkslegal LLP - Solicitors in Reading and London

Legal Updates

NHS Trust fined £180,000 over data protection breach

19 May 2016 #Employment


The Information Commissioner’s Office (ICO) have fined Chelsea and Westminster Hospital NHS Foundation Trust £180,000 after it revealed the email addresses of 781 users of an HIV service. Patients using the HIV service were sent a newsletter which mistakenly included all recipients email addresses in the ‘to’ field instead of the 'bcc' field.  730 of the email addresses displayed contained full names.  The ICO found that this amounted to a serious breach of the Data Protection Act 1998 and that it was likely to cause substantial distress as recipients of the e-mails could infer the HIV status of the other recipients.  In addition to the information being confidential sensitive personal data, the ICO was conscious that, due to the small geographical area the Trust serviced, the individuals may well have known each other.

The Trust had made a similar mistake in 2010 and, although some steps were taken then to prevent reoccurrence, the ICO found that no specific training had been implemented following that breach.

Employers should ensure that they have adequate training in place on data protection obligations and staff should be reminded of the care that needs to be taken when sending group emails, particularly, when this may reveal sensitive information about those involved such as their health.

Clarkslegal, specialist Employment lawyers in London, Reading and throughout the Thames Valley.
For further information about this or any other Employment matter please contact Clarkslegal's employment team by email at employmentunit@clarkslegal.com by telephone 020 7539 8000 (London office), 0118 958 5321 (Reading office) or by completing the form on this page.

Read more articles

Louise Merrell

Louise Merrell
Associate

E: lmerrell@clarkslegal.com
T: 020 7539 8082
M: 0779 900 7325

Contact

Employment team
+44 (0)118 958 5321