From the Information Commissioner’s Office:
An undertaking to comply with the seventh data protection principle has been signed by Croydon Health Services NHS Trust.
This follows an incident where correspondence giving the outcome of a patient complaint had been misaddressed resulting in sensitive personal data being sent to an unintended recipient.
On investigation the ICO discovered that, although the Trust had some organisational measures in place, the error had been made by a temporary bank staff employee who had not received all the appropriate training and guidance in relation to the role they were expected to fulfil; there was a lack of a formal checking procedure to ensure the accuracy of correspondence as to both address and content before dispatch; key recommendations from previous breach investigation reports in relation to similar incidents had not been implemented and were identified as being a major contributory factor in relation to this breach.