Faye Caughey, a former Heart of England NHS Foundation Trust administrator, has been prosecuted for accessing the medical records of patients without authorisation and without any need to do so. The records related to family members and children known to her, and came from the HEFT iCare and CareFirst system.
She was fined £1000 under the Data Protection Act 1998, and ordered to pay costs of £590 and a victim surcharge of £50.
“People expect that their personal information will be treated with respect and privacy. Unfortunately, there are those who abuse their position of trust and the ICO will take action against them for breaking data protection laws.”
Mike Shaw, ICO Criminal Investigations Team
The GDPR UK implementation and the UK Data Protection Act 2018 govern how organisations can process personally identifying information.
If your organisation needs to process personal information, it needs to be registered on the ICO database, and have a Data Protection Policy in place detailing the use of personal information.
Personal information is any information that can identify an individual, such as employee names, customer IDs or CCTV footage.
If you need help assessing your GDPR compliance, contact us immediately for a GDPR review.