recent work

ICO confirms data breach at University Hospital of South Manchester NHS Foundation Trust

Sensitive personal information relating to 87 patients was copied onto an unencrypted memory stick by a medical student and then subsequently lost. The ICO found that the student was not trained properly on induction by the Foundation Trust; the Trust believed the student would have been trained properly in data protection whilst at medical school.

“Medics handle some of the most sensitive personal information possible and it is vital that they understand the need to keep it secure at all times, especially when they are completing placements at several health organisations,” said Sally Anne Poole, acting head of enforcement at the ICO.

“This case highlights the need to ensure data protection training for healthcare providers is built in early on so that it becomes second nature.

“NHS bodies have a duty to make sure their staff – both permanent and temporary – understand their responsibilities on day one in the job.”

Christopher Graham, Information Commissioner, has already raised concerns that the NHS has a “systemic” problem when it came to breaches of the Data Protection Act.

Absolute Data is committed to helping companies and organisations, regardless of their size, create and follow realistic data policies and procedures that are above the law. We can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at or call us on 01423 790125.