recent work

Employee fined for taking employer’s data

Paul Hedges, a former manager of a health service in the UK, was recently fined £3,000 by the Information Commissioner’s Office (ICO) for unlawfully obtaining medical and health information about 2,471 people.

Mr Hedges was working as a Community Health Promotions Manager at Bitterne Leisure Center in Southampton at the time and when he learned that he was about to lose his job sent the information to his personal e-mail account on April 28, 2011 in order that he could start up his own fitness company.

The ICO learned of the breach when patients complained about being approached by Hedges.

“People have a right to privacy and the ICO works to maintain that right,” Information Commissioner Christopher Graham said in a statement. “Nobody expects that their health records will be taken and used in this way. Mr Hedges had been told by Southampton Council about the need to keep patients’ details confidential, but he decided to break the law.”

The Information Commissioner has reiterated his call for tougher penalties to enforce the Act saying “at the very least, behaviour of this kind should be recognised as a ‘recordable offence’ which it isn’t now.”

Tags: , , , ,