Reading:
Hollybrook Medical Centre data breach
Share:
email breach

Hollybrook Medical Centre data breach

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

The Hollybrook Medical Centre data breach is another example of an employee (or former employee in this case) who has abused their rights of access to data.

In this case, former GP Practice Manager, Shamim Sadiq, was suspended and dismissed on unrelated matters from the Hollybrook Medical Centre in November 2017. The day after the suspension came into force, Sadiq reportedly accessed her work email account and committed a data breach by sending information to her personal email address.

The reason she was able to still access the account was because she was also employed as an advisor for the Care Quality Commission. She therefore still had access to her NHS email account.

How the Hollybrook Medical Centre data breach was discovered

The Hollybrook Medical Centre data breach incident committed by Sadiq was discovered when a member of staff was given access to Sadiq’s account after her suspension. The email forwarding was discovered, and Sadiq was duly referred to the Information Commissioner’s Office (ICO) for the breach.

The data that was misused was information relating to 13 application forms for vacancies at the Practice. The misused data included names, addresses, email addresses, National Insurance numbers and the information of referees.

There was no lawful reason for the data to have been forwarded to her personal email address.

What are the lessons to be learned here?

Ultimately, the Hollybrook Medical Centre data breach incident happened because of the illegal actions of a former employee. Sadiq retained access to her NHS account as a result of her special advisory role to the CQC.

So, could it have been stopped?

There could be the argument that, as she still had access to the account, there was nothing that could have been done. In the alternative, perhaps the Practice ought to have foreseen that an incident could occur on the basis that she would still have access to her account.

Ultimately, this is another case of an NHS employee abusing their rights to the data that they can access. We represent a lot of people who claim NHS data breach compensation because of how common incident can occur. Incidents where employees have abused their right of access to information is not an uncommon problem.

Aftermath of the Hollybrook Medical Centre data breach

As a result of the Hollybrook Medical Centre data breach that Sadiq committed, she appeared at Derby Magistrates Court. Sadiq admitted to unlawfully accessing personal data and has been ordered to pay fines and costs of over £500.00.

Speaking about the incident, the ICO’s Steve Eckersley said:

“People have a right to expect that their personal data will be handled securely. NHS staff have access to great deal of personal sensitive data and are therefore in a position of trust. Ms Sadiq betrayed this trust.

She was an experienced practice manager and had completed relevant training in line with NHS guidelines so would have been aware of appropriate practices in terms of handling personal data.”

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon