ICO fines a nursing home £15,000 for failing to keep personal information secure

The Information Commissioner's Office (ICO) fined Whitehead Nursing Home in County Antrim, Northern Ireland, £15,000 for failing to keep the personal information they hold secure.

The breach occurred when a member of staff took an unencrypted work laptop home, which was stolen during a burglary overnight. The laptop contained sensitive personal details relating to 46 staff and about 29 residents.

An ICO investigation found that the nursing home failed to implement any policies regarding the use of encryption, homeworking and the storage of mobile devices or provide enough data security training.

The ICO decided that the appropriate penalty was £15,000 because of the size of the nursing home business. A bigger organisation experiencing a similarly serious breach would expect to receive a much larger fine.

For more information on Data Protection offences, see Practice note, Data Protection Act 1998: criminal enforcement.

Source: ICO: Press release: Northern Irish nursing home fined by Information Commissioner's Office, 25 August 2016.