This site is intended for health professionals only

Regulator fined £150k for data protection failure

20 February 2013

Share this article

The Nursing and Midwifery Council (NMC) has been fined £150,000 for breaching the Data Protection Act. 
Late last week it was revealed the regulatory body lost three unencrypted DVDs of evidence from vulnerable children and confidential information about a nurse’s misconduct hearing. 
An NMC spokesman said: “We regret the incident, but we want to reassure the public that we recognise the importance of data protection and the need for data security.”
‘Unnecessary risk’ 
Companies are mishandling confidential data “again and again”, according to independent data privacy authority the Information Commissioner’s Office (ICO). 
“NMC’s underlying failure to ensure these discs were encrypted placed sensitive personal information at unnecessary risk,” said ICO director of data protection, David Smith. 
The DVDs were mislaid on the way to a hearing’s venue, though the rest of the evidence arrived. 
No policy, no thought 
“No policy appeared to exist on how the discs should be handled, and so no thought was given as to whether they should be encrypted before being couriered,” said ICO’s David Smith. 
The ICO urged organisations to check their policy on securing personal information, with a reminder that “personal data comes in many forms”. 
‘Disappointing’ decision 
ICO’s decision was described as “disappointing” by the NMC, who claim their policy at the time, “required encryption”.
The spokesman said the DVDs were passed on how they were received from the police – unencrypted. 
“We have many other security measures in place, including a data protection policy, data security guidelines and information security training for employees.” 
The council have strengthened their policies and procedures for the handling of witness evidence, following the fine. 
Fee hike
Late last year the NMC accepted a £20 million grant from the government to protect nurses from increased fees. 
DH hoped this would allow the regulator to “properly tackle” its backlog of fitness to practice cases and improve overall performance. 
In October 2012 NMC raised fees from £76 to £100 per year, revised down from its initial proposal of £120. 
NMC told Nursing in Practice as of February 2013 it has a backlog of 4,326 cases.