Search

How can we help?

Icon

NHS Trust fined £180,000 over data protection breach

The Information Commissioner’s Office (ICO) have fined Chelsea and Westminster Hospital NHS Foundation Trust £180,000 after it revealed the email addresses of 781 users of an HIV service. Patients using the HIV service were sent a newsletter which mistakenly included all recipients email addresses in the ‘to’ field instead of the ‘bcc’ field.  730 of the email addresses displayed contained full names.  The ICO found that this amounted to a serious breach of the Data Protection Act 1998 and that it was likely to cause substantial distress as recipients of the e-mails could infer the HIV status of the other recipients.  In addition to the information being confidential sensitive personal data, the ICO was conscious that, due to the small geographical area the Trust serviced, the individuals may well have known each other.

The Trust had made a similar mistake in 2010 and, although some steps were taken then to prevent reoccurrence, the ICO found that no specific training had been implemented following that breach.

Monica Atwal

Managing Partner

View profile

+44 118 960 4605

Chambers and Partners

The Clarkslegal team are commercial and good to work with. They get what our business needs and tell me what I need to hear.

Employers should ensure that they have adequate training in place on data protection obligations and staff should be reminded of the care that needs to be taken when sending group emails, particularly, when this may reveal sensitive information about those involved such as their health.

About this article

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Monica Atwal

Managing Partner

View profile

+44 118 960 4605

About this article

Read, listen and watch our latest insights

art
  • 19 July 2024
  • Immigration

UK Immigration Rules for Business Visitors: Flexibility and Controversies

The UK’s immigration rules have changed significantly in the past five years and have introduced greater flexibility for non-EEA nationals who wish to visit the UK as business visitors.

art
  • 17 July 2024
  • Commercial Real Estate

The Leasehold and Freehold Reform Act 2024: what does it mean for my leasehold property? 

The leasehold system in the UK has been subject to some unfavourable press for some time now.

art
  • 15 July 2024
  • Privacy and Data Protection

The duty to protect third parties: is your DSAR response compliant?

Responding to a data subject access request (DSAR) may feel like a daunting process. It requires a solid understanding of the data subject’s rights, and of the meaning of personal data.

art
  • 10 July 2024
  • Employment

Redundancy : Back to Basics FAQs

Redundancy can be a scary and overwhelming time both for employees being made redundant, and for those that have to make the decision. It is important for both parties to know their rights and obligations in this time.

art
  • 09 July 2024
  • Litigation and dispute resolution

Buyer Beware: Practical Guidance for Breach of Warranty in an SPA

Are you buying a business? Whether you are buying shares in a company or purchasing its assets… the general Latin common law principle “caveat emptor” applies.

art
  • 08 July 2024
  • Corporate and M&A

Navigating corporate transparency: ECCTA reforms series

This is the second article in a series exploring the changes brought by the Economic Crime and Corporate Transparency Act 2023 (ECCTA).