MSHB

Miller Samuel Hill Brown Solicitors Blog

From time to time we will post news articles and announcements relating to the firm and to various legal issues that may be of interest to you.

Failures in Data Protection can be Costly

The Information Commissioner (ICO) recently imposed a fine of £15,000 on a nursing home in Northern Ireland for failure to keep personal data secure.

A member of staff had taken an unencrypted work laptop home, which was then stolen during a burglary in the night. The laptop contained personal details about staff (including records of sickness absence and disciplinary matters) and residents of the home (including their date of birth and details of their mental and physical health). Such data concerning health in particular is defined as ‘sensitive personal data’ by the Data Protection Act.

An investigation subsequently found widespread failings in data protection, noting that the nursing home had inadequate provision for IT security, had no policies in place regarding the use of encryption, homeworking or the storage of mobile devices, and did not provide sufficient data security training to staff.

The penalty was fixed at £15,000 because of the size of the nursing home business, but a bigger organisation experiencing a similarly serious breach would expect to receive a much larger fine.

This case highlights the possible consequences of a serious data breach and is a reminder that all personal data should be processed in line with the eight principles set out in the Data Protection Act, which require that data held should be:

  1. Fairly and lawfully processed, including not being processed unless certain conditions set out in the Act are met;
  2. Processed for limited purposes;
  3. Adequate, relevant and not excessive;
  4. Accurate and up to date;
  5. Not kept for longer than necessary;
  6. Processed in line with data subjects' rights;
  7. Secure;
  8. Not transferred to other countries without adequate protection.

In the case above it was security which was the key issue. Appropriate measures should be taken to prevent unauthorised processing of, or access to, personal data and to guard against loss or destruction of data. Consideration should be given to whether staff require training, where data is held, what devices or information are permitted to be taken off the premises and what security measures for such information might be appropriate.

Contact our Employment Lawyers, Glasgow

If you would like information on the above matter or any other employment law issue, then please contact our employment solicitors today.
