European Data Protection Digest

ICO Warns NHS of Potential Breach Fines

DATA LOSS—UK

November 1, 2012

The Information Commissioner’s Office (ICO) has warned of additional fines to National Health Service organizations if they continue to not meet data protection obligations, Publicservice.co.uk reports. The warning comes on the heels of news that the medical data of as many as 1.8 million patients has been at risk within this year, the report states. An ICO spokesman told The Daily Dashboard, “The monetary penalties we issue are a very important way to discourage others from making the same data protection mistakes. In order to issue a monetary penalty we have to fulfill the criteria set out in our statutory guidance. This includes demonstrating that the breach caused, or had the potential to cause, substantial damage and distress to those individuals affected and the organisation knew or ought to have known that the breach could occur, but still failed to take action. Where this criteria is met, we will consider serving an organisation with a monetary penalty. It is also important to realise that the money stays in the public purse and is paid into the Treasury’s Consolidated Fund. Nothing is kept by the Information Commissioner’s Office.” Meanwhile, the ICO will not take legal action against a Smarter York app for data protection violations.
Full Story