Department of Health 'breached Data Protection Act'

John-Paul Kamath

The Department of Health has breached the Data Protection Act, the Information Commissioner's Office has ruled following an investigation into a security breach on the Medical Training Application Service (MTAS) website.

The security breach made details about junior doctors, including religious beliefs and sexual orientation, available to anyone accessing the site.

"This is an unacceptable breach of security. It is essential that the Department of Health takes the appropriate measures that we have outlined in order to protect individuals' personal information," said Mick Gorrill, assistant commissioner at the ICO.

The Information Commissioner's Office has made the Department of Health sign a formal undertaking to comply with the principles of the Data Protection Act.

The Department of Health will now be required to encrypt any personal data on its website that could cause distress to individuals if disclosed. Regular penetration and vulnerability testing must also be carried out on developing applications and systems to minimise unauthorised access. The Information Commissioner's Office has also ruled that staff should be trained in compliance with the Data Protection Act.

Failure to meet the terms of the undertaking is likely to lead to further enforcement action by the ICO and could result in prosecution.




