BBC Reports on Alleged Data Breach by Medical Worker

Published on: 14th November 2018
By PYXI GDPR Team


This incident appears to be an act of deliberate misuse of personal data about patients by an employee of Cross House Hospital in Kilmarnock, Scotland. You can read the story on the BBC website here.

The contact details were used by a medical worker to make contact with the patients between April and September 2018.

NHS Ayrshire and Arran's Medical Director is quoted as saying:

"We are working closely with Police Scotland and the Information Commissioner's Office. As this is an ongoing police investigation, we are not able to confirm any further details."

Although the details are still be investigated, and should be published on the ICO website in due course, it is difficult to identify preventative measures in these kinds of deliberate (potentially criminal) cases. The only potential mitigration is to prevent access at source, but where this is not possible there is always going to be a risk of people deliberately flouting the law and data protection policies. Vigilance is key to ensuring the safety of personal data, and clear analysis of risk needs to include consideration of deliberate misuse of this kind.

PYXI GDPR Team: 14th Nov 2018 06:59:00