ICO investigates after medical records found in skip outside law firm


NHS hospital

The medical records gave details of hospital appointments

The Information Commissioner’s Office (ICO) has launched an investigation after medical records relating to personal injury claims were found in a skip outside a law firm’s former office in St Helens, Merseyside.

The documents, belonging to Woodwards Solicitors, reportedly included details of appointments at local hospitals.

They also included people’s home addresses, phone numbers, NHS numbers, dates of birth, their usual GP, and descriptions of symptoms and treatments relating to a variety of injuries.

Tim Wood, director of Woodwards, told Legal Futures he had reported the data breach to the Information Commissioner’s Office, which was investigating.

“It shouldn’t have happened,” he said. “We are fastidious in our approach to data protection, with a shredding company we’ve used for years.”

Mr Wood said the firm had moved out of the office 18 months ago to a new one on the same street, because it needed more space. He said he believed that the only thing left behind was rubbish, which needed to be cleared before the lease on the old office expired in the autumn.

“Guys were coming in one weekend and filling a skip,” he said. “The box containing the documents was sealed. They must have assumed it was rubbish and dumped it in the skip with the rest.

“Unfortunately the contents were not checked. The damage was minimised because the person who found them immediately reported it to us within the hour.

“It was a genuine error and a very unfortunate mistake. Happily the records did not fall into the wrong hands and the damage was limited. All I can do is ensure it never happens again.”

A spokeswoman for the ICO said: “We are aware of an incident involving Woodwards and we are making enquiries.”

Mr Wood said he had also reported the data breach to the Solicitors Regulation Authority (SRA). A spokesman for the SRA confirmed this.

In a separate development, the Retail Motor Industry Federation (RMI) said “market intelligence” from a number of members had shown that drivers’ personal data, including phone numbers and addresses, appeared to have been accessed by “third parties” not involved in repairing the cars.

The spokesman said that for several months, RMI Bodyshops – which is comprised of the National Association of Bodyshops and the Vehicle Builders and Repairers Association – had been investigating a “potentially serious breach of repairer management systems confidentiality and the apparent release of personal data to third party legal firms and accident management companies”.

Jason Moseley, executive director at RMI Bodyshops said: “As part of an internal investigation, one of the bodyshops involved entered fictitious data into the system to attempt to draw out a reaction.

“Within a few hours of this data entry, a call was received from an accident management company trying to leverage a compensation claim.

“RMI Bodyshops and its members informed the necessary authorities and have been working together with them behind the scenes.”

Jonathan White, legal director of National Accident Helpline, said the bodyshop data breaches gave a “real insight” into the unscrupulous activities affecting the personal injury market.

Following the revelations, there needed to be a “full investigation as to whether this data is being illegally sold on as a result of the actions of rogue employees, hacking or, more worryingly, as a revenue generation activity by those capturing the data”, he said.

Tags:




Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog


Use the tools available to stop doing the work you shouldn’t be doing anyway

We are increasingly taken for granted in the world of Do It Yourself, in which we’re required to do some of the work we have ostensibly paid for, such as in banking, travel and technology


Quality indicators – peer recommendations over review websites

I often feel that I am banging the SRA’s drum for them when it comes to transparency but it’s because I genuinely believe in clarity when it comes to promoting quality professional services.


Embracing the future: Navigating AI in litigation

Whilst the UK courts have shown resistance to change over time, in the past decade they have embraced the use of some technologies that naturally improve efficiency. Now we’re in the age of AI.


Loading animation