Man pleads guilty to NHS Bury data breach

Martin Campbell, 31, former employee of the personal injury claims company Direct Assist, was prosecuted under section 55 of the Data Protection Act after illegally accessing private data through his former partner, who worked for the primary care trust.

According to the Information Commissioner’s Office, Mr Campbell had obtained personal information for around 30 patients from his then-girlfriend, Dawn Makin, who worked as a nurse at the trust.

All the patients had attended the PCT’s Prestwich and Moorgate walk in centres in Bury, and had been involved in accidents, and their information was used to generate business for Direct Assist.

Mr Campbell was caught when a number of patients contacted NHS Bury complaining that they had been contacted by a man who asked them about injuries and encouraged them to make a personal injury claim.

The PCT found that the patients’ files had been accessed by Ms Makin without legitimate reason, and reported the breach to the ICO.

The ICO did not prosecute Ms Makin as it did not consider action against her to be in the public interest. Ms Makin has been in hospital since February, when she was discovered unconscious beside the body of her four-year-old daughter.

Mr Campbell was ordered to pay a fine of £1,050, £1,160 towards prosecution costs, and a £15 “victims surcharge”.

Information Commissioner, Christopher Graham, said: “Martin Campbell would have known that obtaining the information was unlawful and yet he put his greed ahead of peoples’ privacy rights.

“The ICO will always pursue prosecutions where individuals breach both their duty of confidentiality and the Data Protection Act. Those whose responsibilities include the custodianship of sensitive personal data should take note.”