DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: ICO urges more care with personal data as Nursing and Midwifery Council receives £150,000 penalty

Posted on February 15, 2013 by Dissent

The Information Commissioner’s Office has issued  a £150,000 civil monetary penalty to the Nursing and Midwifery Council for breaching the Data Protection Act.

The council regulates nurses and midwifes. As part of its duties, it conducts “fitness to practice” reviews in cases where there are allegations of misconduct. In that capacity, the council sent three DVDs and other information related to a nurse via courier service to a hotel in Cardiff where a hearing was to be held. The DVDs contained unencrypted confidential personal information with audio and visual evidence from two vulnerable children.

The packages were picked up by the courier on October 7, 2011 and delivered to the hotel on October 10, but when the council opened the package, the DVDs were missing, even though there was no sign of tampering with the package.  The DVDs have not been located.

David Smith, Deputy Commissioner and Director of Data Protection, said:

“It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again.

While many organisations are aware of the need to keep sensitive paper records secure, they forget that personal data comes in many forms, including audio and video images, all of which must be adequately protected.

“I would urge organisations to take the time today to check their policy on how personal information is handled. Is the policy robust? Does it cover audio and video files containing personal information? And is it being followed in every case?

“If the answer to any of those questions is no, then the organisation risks a data breach that damages public trust and a possible weighty monetary penalty.”

“The Nursing and Midwifery Council’s underlying failure to ensure these discs were encrypted placed sensitive personal information at unnecessary risk. No policy appeared to exist on how the discs should be handled, and so no thought was given as to whether they should be encrypted before being couriered. Had that simple step been taken, the information would have remained secure and we would not have had to issue this penalty.”

Update: ITPRO got a statement from the council that says, in part:

“Our policy, in place at the time, required encryption. We received the DVDs from the police unencrypted but we failed to encrypt them before we sent them on. We very much regret this and have now corrected our practice.”

No related posts.

Category: Health Data

Post navigation

← Froedtert Health notifies patients after computer with patient information infected by virus
Former Pharmacist Sentenced To 25 Months In Prison For Using Patient And Doctor Names To Create Fraudulent Prescriptions →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.