Department of Health 'breached Data Protection Act'


John-Paul Kamath

The Department of Health has breached the Data Protection Act, the Information Commissioner's Office has ruled following an investigation into a security breach on the Medical Training Application Service (MTAS) website.

The security breach made details about junior doctors, including religious beliefs and sexual orientation, available to anyone accessing the site.

"This is an unacceptable breach of security. It is essential that the Department of Health takes the appropriate measures that we have outlined in order to protect individuals' personal information," said Mick Gorrill, assistant commissioner at the ICO.

The Information Commissioner's Office has made the Department of Health sign a formal undertaking to comply with the principles of the Data Protection Act.

The Department of Health will now be required to encrypt any personal data on its website that could cause distress to individuals if disclosed. Regular penetration and vulnerability testing must also be carried out on developing applications and systems to minimise unauthorised access. The Information Commissioner's Office has also ruled that staff should be trained in compliance with the Data Protection Act.

Failure to meet the terms of the undertaking is likely to lead to further enforcement action by the ICO and could result in prosecution.
