A former receptionist at a GP surgery in Southampton has been prosecuted by the Information Commissioner’s Office (ICO) for unlawfully obtaining sensitive medical information relating to her ex-husband’s new wife.
Appearing at West Hampshire Magistrates today, Marcia Phillips was prosecuted under section 55 of the Data Protection Act and fined £750 and ordered to pay a £15 victim surcharge and £400 prosecution costs.
Ms Phillips was found to have accessed the information on 15 separate occasions over a 16-month period while working as a receptionist at the Bath Lodge Practice. The breach became apparent after Phillips left her job and sent a text message to her ex-husband’s partner referring to highly sensitive medical information taken from her medical record.
Deputy Commissioner and Director of Data Protection, David Smith, said:
“This case clearly shows the distress that can be caused when an individual uses a position of responsibility to illegally access sensitive personal information. Ms Phillips knew she was breaking the law, but continued to do so in order to cause harm to her ex-husband’s new wife.
“The nature of her job meant that she will have been in no doubt as to the importance of patient confidentiality. Despite this she repeatedly accessed the victim’s file without a valid reason.”
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of a fine of up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The ICO continues to call for more effective deterrent sentences, including the threat of prison, to be available to the courts to stop the unlawful use of personal information.
David Smith added:
“We continue to urge the Government to press ahead with the introduction of tougher penalties to enforce the Data Protection Act. Without these unscrupulous individuals will continue to break the law. Action to replace the section 55 ‘fine only’ regime with an effective deterrent is long overdue. This change is not directed at the media and should not be held while Lord Justice Leveson’s recommendations on data protection and the media are considered.”