NMC hit with £150k fine for data security breach
The Nursing and Midwifery Council has been fined £150,000 after it lost three DVDs linked to a misconduct hearing.
The DVDs included personal information and evidence from two vulnerable children, sparking criticism and a fine from the Information Commissioner for breaching the Data Protection Act.
The breach relates to events in October 2011, when NMC officials arranged for evidence to be couriered to a fitness to practise hearing venue.
When the packages arrived at their destination, the discs were not present and there were no signs of tampering. The regulator carried out extensive searches to find the DVDs, but they have never been recovered.
The ICO was particularly scathing after its investigation found the information on the DVDs was not encrypted.
David Smith, director of data protection at the ICO, said: “The NMC’s underlying failure to ensure these discs were encrypted placed sensitive personal information at unnecessary risk.
“No policy appeared to exist on how the discs should be handled, and so no thought was given as to whether they should be encrypted before being couriered. Had that simple step been taken, the information would have remained secure and we would not have had to issue this penalty.”
An NMC spokesman said it was disappointed at the ICOs decision to impose a fine.
He said: “We regret the incident, but want to reassure the public and all our stakeholders that we recognise the importance of data protection and the need for data security.
“The cause of the incident is understood to have been an isolated human error.”
The nursing regulator’s shaky financial position prompted it to raise the annual registration fee on 1 February, from £76 to £100, and accept the offer of a government grant worth £20m.