Regular readers will note that we often feature developments in the area of data privacy enforcement and powers relating to breaches of information rights. In another example of data privacy infringement, following an investigation by the Information Commissioner's Office, a Northern Irish care home has been fined £15,000. The breach that triggered the investigation occurred after an employee at the Whitehead Nursing Group care home had taken an unencrypted work laptop home, which was then stolen during a burglary. The laptop had details of residents' birth dates and health records and disciplinary and sickness records for staff. The investigation uncovered other systemic failings in the care home's data protection. The fine is proportional to the size of the organisation (up to £500,000 being possible), and there were a number of mitigating factors.
What Should Employers Do Next?
Ensure that a robust data protection policy is not only in place, but being complied with by all those with access to sensitive material. Whilst fines to date have been relatively modest, it is clear that the Information Commissioner is prepared to use its powers, which are significant for serious breaches by large organisations.