The Nursing and Midwifery Council (NMC) has been fined £150,000 for breaching the Data Protection Act.
Late last week it was revealed the regulatory body lost three unencrypted DVDs of evidence from vulnerable children and confidential information about a nurse’s misconduct hearing.
An NMC spokesman said: “We regret the incident, but we want to reassure the public that we recognise the importance of data protection and the need for data security.”
Companies are mishandling confidential data “again and again”, according to independent data privacy authority the Information Commissioner’s Office (ICO).
“NMC’s underlying failure to ensure these discs were encrypted placed sensitive personal information at unnecessary risk,” said ICO director of data protection, David Smith.
The DVDs were mislaid on the way to a hearing’s venue, though the rest of the evidence arrived.
No policy, no thought
“No policy appeared to exist on how the discs should be handled, and so no thought was given as to whether they should be encrypted before being couriered,” said ICO’s David Smith.
The ICO urged organisations to check their policy on securing personal information, with a reminder that “personal data comes in many forms”.
ICO’s decision was described as “disappointing” by the NMC, who claim their policy at the time, “required encryption”.
The spokesman said the DVDs were passed on how they were received from the police - unencrypted.
“We have many other security measures in place, including a data protection policy, data security guidelines and information security training for employees.”
The council have strengthened their policies and procedures for the handling of witness evidence, following the fine.
Late last year the NMC accepted a £20 million grant from the government to protect nurses from increased fees.
DH hoped this would allow the regulator to “properly tackle” its backlog of fitness to practice cases and improve overall performance.
In October 2012 NMC raised fees from £76 to £100 per year, revised down from its initial proposal of £120.
NMC told Nursing in Practice as of February 2013 it has a backlog of 4,326 cases.
Having practiced for 37 without comment I am currently subject to an NMC FTP investigation. Needless to say I utterly refute the matters brought by my former rogue NHS employer. However it is the NMC's contribution which causes me particular concern. Their solicitor has returned and embellished original prosecution details immedietelly accounted for and thus dropped at the time and has created a whole new charge suggesting that the use of my home computer to write a letter of complaint about directly observed patient abuses (which resulted in two internal inquiries and the written thanks of the Tust CEO) constitutes a "breach of patient confidentiality". Moreover the NMC solicitors written case spliced two key documents back to back making the presentation incomprehensible. Nevertheless the hearing convened to decide whether to pass it on to the Practice and Conduct committee did so without a second thought and failed to note this gross error. Therefore the panel clearly didnt read its own material. If the NMC are not reading its own material then what chance of it reading the registrants?
I have taken out a formal complaint.
The fact that the NMC were fined by the ICO £150000 for a data breach has yet to appear on the NMC website.
The NMC must hope that nobody notices either the fact that they have breached the Data Protection Act nor that it has been fined. Poor example set by the nurse regulator.
Well, they can always force another registration fee hike on nurses, to help pay for NMC incompetence!
Why is it that nurses have to pay a yearly registration fee and doctors don't?
Very dissapointed in this breach costing £150,000, especially when our fees have been raised!!!!!!
You are currently leaving the Nursing in Practice site. Are you sure you want to proceed?