The Sheffield Telegraph reports:
Sheffield Council could be fined up to half a million pounds for breach of the Data Protection Act after confidential paperwork about mental health patients was found ‘blowing around’ a city centre street.
Well yes, it’s pretty much true for any breach that the entity could be fined and the maximum is half a million pounds. But the paper’s headline, “Threat of massive fine over Sheffield council data breach,” seems a bit misleading as it’s not like the council has already been informed that it will be fined at all, much less massively. That said, this does seem to be the kind of breach where the ICO has handed out fines in the past because of the harm to individuals.
Read more on Sheffield Telegraph.
The Star reported more details on the breach itself, noting that a bundle of documents concerning three patients containing full names, dates of birth and telephone numbers as well as medical records and care plans had been found “blowing around” a city street. The papers had been turned over to the paper by the individual who found them.
In one case, the paperwork relates to a decision to section a woman with a history of absconding from previous addresses, who needed ‘urgent deprivation of liberty’ to prevent harm to herself.
She is a patient at a small care home in the west of the city.
Papers from the second case included a detailed log of a man’s behaviour over several days, along with medical papers relating to an injury he is believed to have suffered and information about treatment received.
Neither of the two care homes involved would comment about the loss of the paperwork.
The third case was of a patient not in a care home, who had been put under a placement with a carer.
As a healthcare professional, this type of breach is a nightmare on so many levels.