NHS trust criticised for data protection breaches after subject access requests

April 4, 2011

The Information Commissioner’s Office has criticised a health trust in Cornwall for disclosing third-party personal data on two occasions in 2010.

The watchdog’s head of enforcement, Sally-anne Poole, said: “More and more people today want to find out exactly what information their GP or hospital holds about them, making subject access requests an increasingly popular tool.

“However, just because staff are busy with requests, this does not mean they can stop doing adequate checks before information is sent out.”

The ICO said the Royal Cornwall Hospitals NHS Trust had breached the Data Protection Act in July and December last year.

On the first occasion, an individual had submitted a subject access request for information the trust held about them. In addition to sending the requested information, the trust send someone else’s information.

A further disclosure six months later also saw the requester – the same individual – receive third party information.

Royal Cornwall’s chief executive, Peter Colclough, has now signed an undertaking “to ensure that procedures for dealing with subject access requests are clearly defined and managed, and that all staff receive appropriate training and support in how to follow them”, the ICO said.

May 09, 2024

Assurance and Improvement Board to replace Commissioners at Liverpool

May 08, 2024

Give local leaders more control over regeneration, says think tank

May 08, 2024

Government issues statutory guidance on best value standards and interventions

May 07, 2024

Audit Wales report highlights governance concerns for national park authorities

See all in this section

SAS Operation Galia

Bravery behind enemy lines in the Second World War. Including additional original photographs and a roll call of the Galia Squad. Cost: £12.50 inc p&p. Includes £1 donation to Ukraine relief charities.

Cornerstone on ASB

A Practical Guide to GDPR for Schools

Written by the specialist Information Law team at well-known Education Law advisors Forbes Solicitors, this book sets out practical guidance and suggestions based on experience of advising schools and colleges on their policies and practices before during and after the change to GDPR and the Data Protection Act 2018.

ASB lawbrief

Dementia and Human Rights

With the fresh analytical tools provided in this book, policy makers and practitioners will gain new insights into how this broader perspective can be used to further promote the quality of life and quality of care for all those affected by dementia.

ASB lawbrief

Care Standards Legislation Handbook Seventh edition

This seventh edition of the Care Standards Legislation Handbook collects in one place and presents in fully updated form all the legislation most needed by those involved in the workings of the regulatory systems, and the appeals processes, for care services in England and Wales.

ASB lawbrief

Community Care Law and Local Authority Handbook Third edition

Community Care Law and Local Authority Handbook examines the duties and responsibilities of local authorities in the provision of community care services particularly following the implementation of the Care Act 2014.

Cornerstone on ASB

Court of Protection Made Clear: A User's Guide (revised 1st ed)

The essential, plain English guide to Court of Protection law & practice.

Essential Law for Cemetery and Crematorium Managers

Essential Law for Cemetery and Crematorium Managers

Commissioned by the Institute of Cemetery and Crematorium Management (ICCM), and written for everyone involved in the bereavement industry this authoritative book provides a complete and practical guide to the law of burial and cremation as it currently applies in England and Wales.

A guide to UK data protection law with relevant provisions of the Data Protection Act 2018

The UK's exit from the European Union has resulted in changes to the principal UK Data Protection legislation namely the EU General Data Protection Regulation 2016 (EU GDPR) and the Data Protection Act 2018 (DPA 2018). The revision of the GDPR, is now known as the 'UK GDPR'.

A practical guide to factitious illness in care proceedings by Sharan Bhachu

A focused practical guide for advocates dealing with cases that involve FII, providing an understanding of the different definitions and terms.

Information Law Cornerstone

Information Rights

A Practitioner's Guide to Data Protection, Freedom of Information and other Information Rights.

ASB lawbrief

Local Authority Liability Seventh edition

Written by a team of specialists in local authority liability claims, this well-established and popular work provides a comprehensive survey of the legal liabilities of local authorities.

Cornerstone on Information Law

Cornerstone on Information Law

Cornerstone on Information Law is a one-volume practical guide focused on data protection law, freedom of information and the environmental information regulations. Covering the GDPR and the Data Protection Act 2018, the title is up to date with adaptations to UK data protection law in the event of Brexit; while also explaining the law before…

Legal Books

Click here to visit the bookstore