Reading:
U-turn in Worcester GP data breach case
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
NHS England has ruled in an investigation into a Worcester GP data breach after previous findings suggested that the law had not been broken.
In this unusual case, the Severn Valley Medical Practice reportedly posted information online about a patient. Initially, the Practice is understood to have disputed that any data protection breach had occurred. Since then, NHS England and the Information Commissioner’s Office (ICO) both agree that the incident was a failure to comply with data protection obligations.
Another element that makes this case unusual is about allegations made surrounding the Data Protection Officer (DPO) who reportedly claimed there wasn’t a breach in the first place.
We believe that this particular Worcester GP data breach case is an important one to look at. We have what appears to be an attempt by a DPO to dispute that a breach has taken place as part of internal investigations. It has then taken NHS England and the ICO to affirm that the posting of patient information online was a breach.
On the face of it, any posting of patient information online can easily be a medical data protection breach. The issue as to alleged false claims made by the DPO is an additional concern. We ought to be able to trust that a DPO will have the best interests of a data subject at heart. In this case, it appears to look like the incident that stemmed from a Freedom of Information request was being brushed aside.
It’s understood that the DPO has reportedly may have inflated claims about his legal experience and qualifications in the past. This is particularly concerning in an age when data protection is so important, as is clarity when it comes to data security.
Now there has been a finding in the Worcester GP data breach investigation, an apology has been issued. It’s also understood that the problems surrounding the original dispute about there not being a breach is also going to be looked at.
Speaking about the incident, the ICO said that Severn Valley Medical Practice had “not complied with their data protection obligations” and that the data in question was “inappropriately disclosed”.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
