ICO fines Nursing and Midwifery Council £150,000

The Information Commissioner’s Office has urged organisations to review their policies on how personal data is handled, after the Nursing and Midwifery Council was issued a £150,000 civil monetary penalty for breaching the Data Protection Act.

The council arranged for the DVDs, which contained confidential video files relating to alleged offences by a nurse as well information about two vulnerable children, to be couriered to a hearing in October 2011. Upon arrival it was found that the package didn’t contain the DVDs.

The council lost three DVDs related to a nurse’s misconduct hearing, which contained confidential personal information and evidence from two vulnerable children. An ICO investigation found the information was not encrypted. The DVDs are yet to be found.

David Smith, Deputy Commissioner and Director of Data Protection, said:

“It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again.
While many organisations are aware of the need to keep sensitive paper records secure, they forget that personal data comes in many forms, including audio and video images, all of which must be adequately protected.”

Further details about today’s case can be found on the ICO’s civil monetary penalty notice page.