Tag Archives: Penalties

Health care firm fined £200,000 after patients’ confidential conversations were revealed online

An English private health company has been fined £200,000 after its Indian subcontractor failed to keep fertility patients’ personal information secure.

An investigation was commenced in April 2015 when a patient found that transcripts including details from interviews with hospital patients could be freely accessed by searching online.

The investigation revealed the hospital had been routinely sending unencrypted audio records of the interviews by email to the Indian subcontractor. Details of private conversations between a doctor and various hospital patients wishing to undertake fertility treatment were transcribed in India and then sent back to the hospital. It was found that the Indian company could not restrict access to the personal information because it stored audio files and transcripts using an unsecure server.

The English company was fined as it had breached the Data Protection Act 1998 by failing to ensure that its sub-contractor acted responsibly in compliance with the Data Protection Act.

This case shows the importance of ensuring that appropriate subcontracts are in place and enforced. If you feel your subcontracts might need checking, I would be happy to help.

Please drop me an email or give me a call.

Karen Mason

Custodial penalties for data protection offences?

The Information Commissioner expressed his views twice in January that the court should have a broader range of penalties at its disposal when sentencing offences under the Data Protection Act 1998, including custodial and suspended sentences and community service. The current maximum penalty is an unlimited fine.

The Criminal Justice and Immigration Act 2008 makes unlawfully obtaining personal data punishable by up to two years in prison, but the relevant section is yet to be enacted.

Increased penalties for online copyright infringement

The government is consulting on increasing the maximum custodial sentence for online  copyright infringement to ten years (in line with physical copyright infringement).

This was first recommended in 2006 and is supported by the current government following recommendations by the Intellectual Property Office in March this year.

The government considers that on-line infringement has become more significant and that there is no good reason for treating online infringement any differently to physical infringement, particularly given that there are links between online infringement and other criminal behaviour.

The consultation closes on 17 August 2015.