Newsflash: Nursing home fined in UK for data protection breach

A nursing home in Northern Ireland has been fined £15,000 by the Information Commissioner for failing to look after the sensitive personal details in its care.

An investigation by the ICO found widespread systemic failings in data protection at Whitehead Nursing Home at the time of a data breach, in which a staff member took home an unencrypted laptop containing staff and residents' personal data, and the laptop was then stolen from her house.

Ken Macdonald, Head of ICO Regions, said: “Our investigation revealed major flaws in the nursing home’s approach to data protection…Residents would not have expected their confidential information to have been stored on an unprotected laptop and taken to an employee’s home. Whitehead Nursing Home had totally inadequate provisions for IT security and procedure and poor data protection training.”

This case is a salutary lesson for all providers, but particularly for smaller social care operators, that large fines can be imposed on organisations of all sizes. For a small provider, £15,000 is a large fine, commensurate with the potential level of harm and distress which could have occurred.

All providers are urged to review their data protection and data security policies and procedures and ensure their staff training is up to date.

Hempsons regularly advises on data protection and data security and can provide bespoke training to your staff, from a one-hour overview to a more in-depth half-day session. Please contact Philippa Doyle for more details.

A copy of the Whitehead Case can be accessed here and providers are encouraged to access it.