Published on Friday, January 10, 2020 - 14:36 by Cameron Troake
The ICO has issued an important reminder on how data doesn’t always take a digital format. An Edgware-based pharmacy in London has been fined £275,000 for the “careless” storage of its patients’ special category data.
Doorstep Dispensaree Ltd provides medicines to customers and care homes and left roughly 500,000 documents in unlocked containers at the back of its site.
These documents were dated between June 2016 to June 2018 and included customer names, addresses, dates of birth, NHS numbers, medical information and prescriptions. They had also not been properly safeguarded against the weather and were water damaged.
It is a breach of the GDPR and DPA 2018 to fail to process data in a way that ensures appropriate security against unauthorised or unlawful processing and accidental loss, destruction or damage.
The ICO was alerted to the insecurely stored documents by the Medicines and Healthcare Products Regulatory Agency, which was carrying out its own separate enquiry into the pharmacy.
Steve Eckersley, Director of Investigations at the ICO said: “The careless way Doorstep Dispensaree stored special category data failed to protect it from accidental damage or loss. This falls short of what the law expects and it falls short of what people expect.”
In setting the fine, the ICO only considered the breach from 25 May 2018, when the GDPR came into effect. Doorstep Dispensaree has also been ordered to improve its data protection practices within three months - otherwise further enforcement action could result.
If you are interested in any of our services then please either use the contact form or contact us via of the methods below: