Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
The Hollybrook Medical Centre data breach is another example of an employee (or former employee in this case) who has abused their rights of access to data.
In this case, former GP Practice Manager, Shamim Sadiq, was suspended and dismissed on unrelated matters from the Hollybrook Medical Centre in November 2017. The day after the suspension came into force, Sadiq reportedly accessed her work email account and committed a data breach by sending information to her personal email address.
The reason she was able to still access the account was because she was also employed as an advisor for the Care Quality Commission. She therefore still had access to her NHS email account.
The Hollybrook Medical Centre data breach incident committed by Sadiq was discovered when a member of staff was given access to Sadiq’s account after her suspension. The email forwarding was discovered, and Sadiq was duly referred to the Information Commissioner’s Office (ICO) for the breach.
The data that was misused was information relating to 13 application forms for vacancies at the Practice. The misused data included names, addresses, email addresses, National Insurance numbers and the information of referees.
There was no lawful reason for the data to have been forwarded to her personal email address.
Ultimately, the Hollybrook Medical Centre data breach incident happened because of the illegal actions of a former employee. Sadiq retained access to her NHS account as a result of her special advisory role to the CQC.
So, could it have been stopped?
There could be the argument that, as she still had access to the account, there was nothing that could have been done. In the alternative, perhaps the Practice ought to have foreseen that an incident could occur on the basis that she would still have access to her account.
Ultimately, this is another case of an NHS employee abusing their rights to the data that they can access. We represent a lot of people who claim NHS data breach compensation because of how common incident can occur. Incidents where employees have abused their right of access to information is not an uncommon problem.
As a result of the Hollybrook Medical Centre data breach that Sadiq committed, she appeared at Derby Magistrates Court. Sadiq admitted to unlawfully accessing personal data and has been ordered to pay fines and costs of over £500.00.
Speaking about the incident, the ICO’s Steve Eckersley said:
“People have a right to expect that their personal data will be handled securely. NHS staff have access to great deal of personal sensitive data and are therefore in a position of trust. Ms Sadiq betrayed this trust.
She was an experienced practice manager and had completed relevant training in line with NHS guidelines so would have been aware of appropriate practices in terms of handling personal data.”
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020