Burnetts logo

NHS Foundation Trust to Review its Data Protection Policy

Information law solicitor Natalie Ruane discusses a case concerning a NHS Foundation Trust being ordered to review it's Data Protection Policy.

North Tees and Hartlepool NHS Foundation Trust has been ordered by the Independent Commissioners Office (ICO) to review it's Data Protection Policy

There had been a number of previous incidents over the last year which had resulted in data being lost or disclosed without authorisation including the most recent incident when a file containing sensitive patient information was found at a bus stop.    This led to an Enforcement Notice being issued to the Trust by the ICO.  Other incidents included letters, notes and reports containing patient data being sent to the wrong people.

The ICO’s investigation revealed that at least one department had knowingly breached the organisation’s Data Protection Policy on a regular basis.  The reason given by the department for doing this was that rules around secure transportation of documents were impractical. 

The ICO’s office was concerned at the careless way highly sensitive personal information was being handled.  Even though the organisation had overarching policies in place they clearly weren’t being followed.  The ICO stressed that not only should an organisation have the correct policies and procedures in place but it must ensure that these policies are being followed.  It must provide the right training for staff so that data protection responsibilities are taken seriously.

About the author

Natalie Ruane profile photo

Natalie Ruane

Natalie is a Partner and leads the Employment Law & HR team and specialises in education.

Published: Monday 16th March 2015
Categorised: Information Law

All Factsheets