In separate cases the Information Commissioner’s Office (ICO) has fined a GP surgery £40,000 and a nursing home £15,000 for breach of the Data Protection Act.

In the case of the GP surgery, details sent to an estranged ex-partner regarding the medical records of the couple’s son included the woman’s contact details, those of her parents and information an older child who was not related to the man. As far as the nursing home was concerned the breach related to the theft of a laptop which held unencrypted patient information. For details see:

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2016/08/fine-for-gp-surgery-that-failed-to-protect-patient-s-personal-data/

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2016/08/northern-irish-nursing-home-fined-by-information-commissioner-s-office/

Whilst the fines are relatively small, this reflects the nature of the businesses and no doubt represent significant sums to them. Nevertheless they add to our overall impression that ICO is putting increasing efforts into enforcement.