In investigating two fax-related breaches involving two different employees, the Information Commissioner’s Office found that the Barking, Havering & Redbridge University Hospitals NHS Trust had a very low attendance rate for Information Governance training. Thus, although the trust had taken some steps to prevent breaches involving faxes being sent to the wrong fax number, and although a Confidentiality and Disclosure Policy and Fax Policy were in place at the time of the incidents, neither employee involved in the incidents had received the supposedly mandatory Information Governance training.
The ICO’s investigation also revealed that the overall attendance rate for the training across the trust was between 35 and 40%.
As a result, the ICO had the trust sign an undertaking to ensure that attendance for its mandatory Information Governance training is properly enforced. The trust is also required to keep an accurate record of who has received the training.