Search

How can we help?

Icon
  • 19 May 2016
  • Privacy and Data Protection

NHS Trust fined £180,000 over data protection breach

The Information Commissioner’s Office (ICO) have fined Chelsea and Westminster Hospital NHS Foundation Trust £180,000 after it revealed the email addresses of 781 users of an HIV service. Patients using the HIV service were sent a newsletter which mistakenly included all recipients email addresses in the ‘to’ field instead of the ‘bcc’ field.  730 of the email addresses displayed contained full names.  The ICO found that this amounted to a serious breach of the Data Protection Act 1998 and that it was likely to cause substantial distress as recipients of the e-mails could infer the HIV status of the other recipients.  In addition to the information being confidential sensitive personal data, the ICO was conscious that, due to the small geographical area the Trust serviced, the individuals may well have known each other.

The Trust had made a similar mistake in 2010 and, although some steps were taken then to prevent reoccurrence, the ICO found that no specific training had been implemented following that breach.
Monica Atwal

Managing Partner

View profile

+44 118 960 4605

Chambers and Partners

The Clarkslegal team are commercial and good to work with. They get what our business needs and tell me what I need to hear.

Employers should ensure that they have adequate training in place on data protection obligations and staff should be reminded of the care that needs to be taken when sending group emails, particularly, when this may reveal sensitive information about those involved such as their health.

subscribe to our mailing list

About this article

  • Subject
    NHS Trust fined £180,000 over data protection breach
  • Author
    Monica Atwal
  • Expertise
    Privacy and Data Protection
  • Published
    19 May 2016

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.
Monica Atwal

Managing Partner

View profile

+44 118 960 4605

About this article

  • Subject
    NHS Trust fined £180,000 over data protection breach
  • Author
    Monica Atwal
  • Expertise
    Privacy and Data Protection
  • Published
    19 May 2016

Read, listen and watch our latest insights

art
  • 19 April 2024
  • Employment

Amanda Glover comments on ‘Employment law isn’t working for anyone’ for HR Magazine

In HR magazine, Amanda Glover, Associate at Clarkslegal responds to the recent article titled ‘Employment law isn’t working for anyone’ by Libby Purves in The Times last week.
art
  • 17 April 2024
  • Immigration

Shaping Britain’s Future: updates to Skilled Worker and Family visas

In December 2023, the UK government, under Home Secretary James Cleverly, announced a five-point plan aimed at reducing net migration, with significant revisions to visa regulations.

art
  • 17 April 2024
  • Employment

‘Injured feelings’- Vento Bands price increase 2024

Injuring someone’s feelings through acts of discrimination, harassment or victimisation can be a costly business.
art
  • 17 April 2024
  • Employment

FAQs on the long awaited amendments to Statutory Paternity Leave

This April has seen a wave of new family friendly rights come into force. Amongst these, is the long awaited amendments to Statutory Paternity Leave.

art
  • 10 April 2024
  • Employment

New Guidance: Confidence to Recruit

The new Government guide in collaboration with the CIPD aims to give employers the confidence to recruit its workforce from a wider range of people including those who may have been overlooked in the past as a problem rather than an asset.

art
  • 03 April 2024
  • Employment

FAQ’s on the new Carer’s Leave Act

Beginning on 6 April 2024, the Carer’s Leave Act comes into force, meaning carers are now entitled to request 1 week’s unpaid leave to care for their dependants.
See More