London’s Bayswater Medical Centre (BMC) has been fined £35,000 by the Information Commissioner’s Office after it left highly sensitive medical information in an empty building. The personal data, including medical information, prescription and patient-identifying records, was left unsecured in the building for more than 18 months. The ICO found that the severity of the breach merited a fine of £80,000, but this was reduced to £35,000 after BMC’s ability to pay was taken into account.
- Secure your premises and any personal data that you hold;
- If you are an organisation that holds highly sensitive personal information the ICO will expect you to understand that disclosure or loss of such information would cause substantial damage and distress; and
- The ICO will look at any delay you cause by failing to secure personal information as quickly as possible.