Data breach complaints against organisations that have been dismantled under the Health and Social Care Act will be transferred to new NHS organisations, the Information Commissioner’s Office has warned.
Dawn Monaghan, the ICO’s strategic liaison group manager for public services, told the HC2013 conference that data breaches would not be forgotten just because an organisation no longer existed.
“Any complaints from data protection, any investigations that were underway for a breach of data protection… we don’t just let them fall off the end and put them in the waste bin,” she said.
“They carry on and they are continued with whichever body has legal liability.”
Monaghan told Public Servant magazine that this could result in fines being imposed on new NHS bodies if they had taken over data responsibilities from disbanded organisations.
This could apply to a new clinical commissioning group if a predecessor primary care trust was found to have committed a serious breach of the Data Protection Act.
The regulator has imposed major fines on several trusts for high profile breaches and has the power to issue monetary penalties of up to £500,000.
Source: Public Service