Pharmacy receives first ever fine for breaking GDPR rules

December 31 15:11 2019 Print This Article

Apharmacy has been fined £275,000 for “cavalier” disposal of records about vulnerable care home residents, in the first fine issued for breaching GDPR rules.

The London company, which supplies medicines to thousands of elderly care home residents, will be forced to pay £275,000 for dumping 500,000 medical documents containing sensitive information outside in unlocked containers.

The documents included names, addresses, dates of birth, NHS numbers, medical and prescription information.

The Information Commissioners’ Office said the firm – Doorstep Dispensaree Ltd – had taken a “cavalier” attitude towards General Data Protection Regulation rules, which came in last year.

The company, on Burnt Oak Broadway in Edgware, was found to have left “approximately 500,000 documents” in unlocked crates, disposal bags and a cardboard box in a rear courtyard of the premises.

Steve Eckersley, Director of Investigations at the ICO said: “The careless way Doorstep Dispensaree stored special category data failed to protect it from accidental damage or loss. This falls short of what the law expects and it falls short of what people expect.”

According to an enforcement notice issued by the ICO, the documents contained names, addresses, dates of birth, NHS numbers, medical information and prescriptions.

The ICO said the documents were “not secure and they were not marked as confidential waste”, adding that some “were soaking wet, indicating that they had been stored in this way for some time”.

The watchdog said: “The data subjects can be very readily identified and linked to data concerning their health.

“Given the nature of Doorstep Dispensaree’s business supplying medicines to care homes, it appears likely that a high proportion of the affected data subjects are elderly or otherwise vulnerable.”

While the ICO said the number of people “affected by the breach cannot be confirmed,” it estimated that the documents “related to around 78 care homes”.

“Regardless of the exact number of care homes involved, given the volume of documentation and size of Doorstep Dispensaree’s business, it appears likely that hundreds and possibly even thousands of data subjects have been affected,” the penalty document said.

The original article was posted here: https://www.telegraph.co.uk/news/2019/12/20/pharmacy-receives-first-ever-fine-breaking-gdpr-rules/

  Article "tagged" as:
  Categories:
view more articles

About Article Author

Laura Donnelly
Laura Donnelly

View More Articles
write a comment

0 Comments

No Comments Yet!

You can be the one to start a conversation.

Add a Comment