recent work

Royal Cornwall Hospitals Trust signs formal undertaking for Data Protection Act breach.

The ICO has confirmed that Royal Cornwall Hospitals NHS Trust has signed a formal undertaking after acknowledging that it twice breached the Data Protection Act in 2010.

Although full details of the incidents haven’t been released, it is clear that on both occasions, information regarding third parties was sent to an individual, after the individual requested information solely about them.

Acting Head of Enforcement, Sally-anne Poole, said:

“More and more people today want to find out exactly what information their GP or hospital holds about them, making subject access requests an increasingly popular tool.

“However, just because staff are busy with requests, this does not mean they can stop doing adequate checks before information is sent out. I am pleased that Royal Cornwall NHS Hospital Trust has agreed to take the necessary steps to make sure this sort of incident doesn’t happen again.”

A full copy of the undertaking can be viewed here:

Absolute Data works with many organisations to reduce or eliminate the risk to the personal information that they hold about individuals. The “softer side” of privacy risk management such as staff training and having documented procedures is often overlooked and under-funded in organisations and an area where we can have a big impact for a modest investment. By having a documented procedural system for data management, the chances of getting it right first time will be increased. By reviewing such systems, organisations will continually improve data management systems. This is something that Absolute Data does and can help you with.
For further information, please contact us now at