Hi Naomi
The ICO actually has the prosecutorial powers (see s197 DPA), so they will normally investigate the matter themselves (so no need for you to involve or contact the police).
Sent from my iPhone
> On 20 Nov 2019, at 15:52, Naomi Lunn <[log in to unmask]> wrote:
>
> Thank you all, this is all most helpful and has vindicated our initial response of reporting it.
> In terms of it being an offence - is it up to us to report to the Police, or will the ICO do that if they deem it necessary? Sorry if that's an obvious question.
>
>
>
>
> Naomi Lunn
> Information Governance Lead
> LOROS, Groby Road, Leicester LE3 9QE
> (0116) 231 3771 |loros.co.uk
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Phil Bradshaw
> Sent: 20 November 2019 13:16
> To: [log in to unmask]
> Subject: Re: [data-protection] Breach query
>
> Agree with others.
>
> Unless those accessing have a valid explanation - most unlikely - I would report this to ICO. You should judge risk to rights and freedoms at time of breach - ignoring subsequent decease - and this is access by multiple parties.
>
> Probably does not meet "high risk" GDPR criteria for reporting to subject BUT it was a breach of confidentiality and it is clear in NHS that this should be reported.
>
> See the NHS “Guide to confidentiality in health and social care” published in 2013. This states “In the unlikely event that confidential information about an individual is inappropriately disclosed, the individual should always receive an explanation and an apology."
>
> Obviously we cannot inform the subject but this should be done to his PR - who may or may note be A.
>
> PS - whoever used "unlikely" in the guide was probably new to NHS IG ...
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> https://clicktime.symantec.com/38mS6Nb94crXZ5qEWUHpPjd6H2?u=http%3A%2F%2Fwww.jiscmail.ac.uk%2Flists%2Fdata-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All user commands can be found at https://clicktime.symantec.com/3FvcEAg9QZ16xv3ctPBR4YK6H2?u=https%3A%2F%2Fwww.jiscmail.ac.uk%2Fhelp%2Fsubscribers%2Fsubscribercommands.html
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Leicestershire & Rutland Organisation for the Relief of Suffering (LOROS) Registered Office: The Leicestershire & Rutland Hospice, Groby Road, Leicester LE3 9QE Registered Charity No. 506120 Company No: 1298456.
>
> The information contained in this e-mail is privileged and confidential. It is intended for the exclusive use of the named addressee. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or any other use of this transmission is strictly prohibited. If you have received it in error, please notify the sender immediately.
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|