Personal sensitive information of tens of thousands of people has been breached by PSL Print Management. PSL is a consultancy firm working with the NHS. The company who is based in Preston is earning millions from payments from the NHS, according to the Daily Mail.
How did the breach happen?
The breach was discovered when a whistleblower requested all the emails and text messages relating to his employment at PSL. The person was sent a memory stick which contained the firm’s entire email server. This showed patient letters attached between PSL staff and a printing firm (Datagraphic).
What personal data was included?
The letters contained names, addresses and telephone numbers, NHS numbers as well as very sensitive information of patients and children, including appointment details for women who suffered miscarriages, cervical screenings and letters to parents regarding children’s medical procedures.
The breach was reported to the Information Commissionaire’s office according to an NHS spokesman, and the ICO has launched an investigation on Sunday. The ICO will have to decide who is ultimately responsible for the breach – the NHS or PSL.
Consequences
The ICO will probably impose a fine on the organisation responsible pending their investigation. In additional to this, as this has been a massive failure to protect patient’s confidentiality, those affected may have a right to claim compensation for a data protection breach. Organisations have a responsibility to protect personal data. Therefore, they should be held accountable when they place people at risk and/or when their actions cause people distress.
If you have suffered a data breach as a result of the actions of the NHS or any other organisation, please get in touch and our specialist solicitors at DRM Legal will advise if you can bring a data breach claim.