BBC Reports on Alleged Data Breach by Medical Worker
Published on: 14th November 2018
By PYXI GDPR Team
This incident appears to be an act of deliberate misuse of personal data about patients by an employee of Cross House Hospital in Kilmarnock, Scotland. You can read the story on the BBC website here.
The contact details were used by a medical worker to make contact with the patients between April and September 2018.
NHS Ayrshire and Arran's Medical Director is quoted as saying:
"We are working closely with Police Scotland and the Information Commissioner's Office. As this is an ongoing police investigation, we are not able to confirm any further details."
Although the details are still be investigated, and should be published on the ICO website in due course, it is difficult to identify preventative measures in these kinds of deliberate (potentially criminal) cases. The only potential mitigration is to prevent access at source, but where this is not possible there is always going to be a risk of people deliberately flouting the law and data protection policies. Vigilance is key to ensuring the safety of personal data, and clear analysis of risk needs to include consideration of deliberate misuse of this kind.
PYXI GDPR Team: 14th Nov 2018 06:59:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
ICO Q2 Data Security Incident Trends
The ICO's figures for Q2 show that the most frequently reported data security incident relates to disclosure of data. The ICO's website has published information about Q2 2018-19's data security incidents by type and sector, and the single mo... click to read more