Privacy Advisor

UK—ICO secures undertakings from multiple healthcare organisations

May 1, 2011

By Hannah Jackson

The Information Commissioner’s Office (ICO) has secured undertakings from five organisations found in breach of the Data Protection Act 1998 (DPA). The undertakings, entered into by various healthcare organisations (including NHS Trusts) and a UK City Council, each relate to failings to maintain the security of personal data.

Undertakings commit signatory organisations to take specified steps to improve their compliance with the DPA and are one of a range of enforcement powers (including the power to issue monetary penalties) available to the ICO. The latest undertakings include commitments to put in place written contracts with third-party data processors, to implement policies and procedures for responding to data subject access requests, to train staff on data storage policies and to encrypt portable devices.


Hannah Jackson is a solicitor with Field Fisher Waterhouse LLP and a member of the firm’s Privacy and Information Law Group. She can be reached at