NHS Lanarkshire has received a reprimand from the Information Commissioner's Office (ICO) for the unauthorised use of WhatsApp by 26 members of staff who shared patients' personal data more than 500 times over two years. The information shared included names, phone numbers, addresses, and clinical information. NHS Lanarkshire did not approve the use of WhatsApp for processing patient data, and staff adopted it without the organisation's knowledge. The incident was reported to the ICO once NHS Lanarkshire became aware of it. The ICO has recommended that NHS Lanarkshire take steps to improve its policies, procedures, and communication with employees on data protection responsibilities. UK Information Commissioner John Edwards stressed that "patient data must be handled carefully and securely," and that every healthcare organisation should learn from this case and consider their own policies.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.