The Information Commission (ICO) has written to the Department of Health about its record management practice and is seeking significant improvements in the way that the department manages and retains its records.

Between January and April 2009 the ICO reported 140 security breaches in the NHS.  Mick Gorrill, the assistant commissioners in charge of enforcement, said there was a ‘cavalier attitude’ to information at the NHS.  Examples of data loss include unencrypted laptops and memory sticks containing personal medical information being stolen; unencrypted computers containing medical diagnoses, names and addresses being left in a skip outside a hospital and the loss of an encrypted memory stick containing details of over 6000 prison patients whose password was attached to a note on the stick.  Computers and memory sticks have been left on public transport and in cars.

Those trusts who have been found in breach of the Data Protection Act 1988 have signed undertakings, promised to implement more efficient security measures and to improve training of all staff about the importance of protecting patient information.

Lawyers at Leigh Day are experienced in handling claims relating to the loss of personal information, for example, in cases where public bodies have inappropriately released personal information without the person’s consent to third parties. We also advise groups and individuals about the legality of certain collections of information, for example, the proposed government database, ContactPoint, that will contain personal information about every child in the UK. 

For more information please contact Benjamin Burrows or Sean Humber on 020 7650 1200.