PERFORMANCE: Royal Cornwall Hospitals has breached the Data Protection Act by disclosing third party personal data on two occasions, the Information Commissioner’s Office has said.
The first breach happened in July 2010 when an individual received a response to a subject access request for information the trust held about them. Instead of sending the requester information solely about them, the trust disclosed someone else’s information.
A similar disclosure occurred in December 2010 when the same requester received a second subject access response containing third party information.
Trust chief executive Peter Colclough has signed an undertaking to ensure that procedures for dealing with subject access requests are clearly defined and managed, and that all staff receive appropriate training and support in how to follow them.
4 April 2011