Temporary workers still require adequate data protection training, warns ICO

The problem has been highlighted following four data breaches at the Great Ormond Street Hospital for Children NHS Foundation Trust. The breaches all occurred between 28 January 2012 and 18 June 2013 and were caused by letters being sent to the wrong address. The letters included information about the treatment of five patients.

The ICO’s investigation found that three of the incidents related to the work of temporary staff who had not received adequate data protection training, despite their role routinely involving the handling of personal information. The trust also had no measures to check whether letters were being addressed to the correct recipient before sending.

ICO Enforcement Group Manager, Sally Anne Poole, said: “This time of year often coincides with a rise in the number of temporary workers being employed across the UK. However the temporary nature of their employment doesn’t absolve employers of their legal responsibilities for making sure people’s information is being looked after correctly.

“If organisations are employing temporary or agency workers into positions that involve the handling and sending out of personal information then they must make sure these staff have received adequate data protection training. Great Ormond Street Hospital for Children NHS Foundation Trust failed to do this and have now been required to sign an undertaking with our office to improve their practices.”