ICO fines organisation for abandoned medical records


London’s Bayswater Medical Centre (BMC) has been fined £35,000 by the Information Commissioner’s Office after it left highly sensitive medical information in an empty building. The personal data, including medical information, prescriptions and patient-identifying records, was left unsecured in the building for more than 18 months. The ICO found that the severity of the breach merited a fine of £80,000, but this was reduced to £35,000 after BMC’s ability to pay was taken into account.

Top Tips:

  • Secure your premises and any personal data that you hold;
  • If you are an organisation that holds highly sensitive personal information, the ICO will expect you to understand that disclosure or loss of such information would cause substantial damage and distress; and
  • The ICO will look at any failure on your part to secure personal information as quickly as possible.