The ICO Information Commissioner’s Office (ICO) has issued a fine to a London-based pharmacy for £275,000. This was for failing to ensure the security of special category data.
We have all heard about Marriott and British Airways receiving a GDPR fine for data protection regulatory breaches. However, it’s not just big companies that can be fined by the ICO. Doorstep Dispensaree Ltd is a supplier of medicines to customers and care homes. The pharmacy left approximately 500,000 documents in unlocked containers at the back of its premises in Edgware.
The documents contained names, addresses and dates of birth of many people. Also discovered were NHS numbers, medical information and prescriptions belonging to an unknown number of people.
Some of the documents had not been appropriately protected against the weather and were therefore water damaged. The documents were dated between June 2016 and June 2018. Explaining their reason for the fine, the ICO stated that the company had “failed to process data in a manner that ensures appropriate security against unauthorised or unlawful processing and accidental loss, destruction or damage is an infringement of the General Data Protection Regulations (GDPR).”
The ICO launched its investigation into Doorstep Dispensaree after it was alerted to the insecurely stored documents. Th alert came from the Medicines and Healthcare Products Regulatory Agency, which was carrying out its own separate enquiry into the pharmacy.
In setting the fine, the ICO only considered the contravention from 25th May 2018, when the GDPR came into effect.
An enforcement notice pharmacy has been issued to the business also. This is due to the significance of the contraventions and ordered to improve its data protection practices within three months. Failure to do so could result in further enforcement action.
This is typical of what is happening currently. Businesses have not assessed the dat they hols, how they store it and how long they retain it. does this sound like you? If it does, book a free one hour, no obligation, consultation here and let us help you understand the data in your business.