Recent data security challenges in the health and social care sector — what is your response?

By David Hall

The latest exercise of its powers by the Information Commissioner’s Officer (ICO), which is the regulator under the Data Protection Act 1998, brings the issue of data security home to roost in the health and social care sector.

In the most recent reported incident of data security in the sector, which happened in August 2013, files managed by a Welsh home care provider (Neath Care) relating to 10 vulnerable and elderly people were found on a street in Neath Port Talbot. The papers included personal care plans and sensitive information about the service users’ health. Unfortunately, on this occasion, the care-home provider did not detect the error and the papers were found, and the incident reported, by a member of the public. It is even more concerning, however, that before the files were dropped in the street, it appears they had been outside the care provider’s premises (in a staff member’s possession but undetected by the care provider) for 10 weeks.

Unsurprisingly, the ICO intervened in this case and heavily criticised Neath Care for the breach of the service users’ data security. The approach taken by the ICO shows, however, that when intervening the ICO does not only look at the breach itself but takes into account the quality of your monitoring and training/awareness as well as the organisations’ policies, processes and technical facilities for managing data security…

Click on the link below to read the rest of the Anthony Collins briefing.

Briefings from Anthony Collins

View more briefings from Anthony Collins

Browse This Firm’s


134 Edmund Street
B3 2ES

Turnover (£m): 13.60
No. of Lawyers: 104