A trust has been reprimanded by the Information Commissioner’s Office (ICO) for exposing a domestic abuse victim to risk by disclosing their address to an ex-partner.
University Hospitals Dorset Foundation Trust is one of only seven organisations in the UK – and the only NHS organisation – to have received a reprimand since July 2022 for a data breach involving a victim of domestic abuse.
According to new details released by the ICO, University Hospitals Dorset received a reprimand in April this year over a procedure it had in place that, when sending correspondence by letter, would include the full addresses of all recipients of that letter without their consent to do so.
In the case that was referred to the ICO, the subject of the data breach had their full address revealed to their ex-partner despite previous allegations of abuse, which has created a “risk of unwanted contact which will remain”.
The ICO concluded that, while the subject did not request their address be withheld, it would not be a reasonable expectation that personal information would be shared without prior consent.
The report raised concerns that UHD did not have a clear policy in place for managing situations where there are parental disputes and that no formal training was provided to administrative staff for dealing with such circumstances.
Read full story (paywalled)
Source: HSJ, 2 October 2023