With over 500 lawyers we would expect to be able to provide the specialist skill and experience that you need. Browse our lawyers and teams below.
With nearly 500 lawyers we have the skills and experience you need.
Are you coming to one of our offices and need to know how to find us?
Send us your enquiry and we will get back to you as soon as possible
Subject access requests – a warning. Watch out for third party data in your records.
The GP practice, from Hitchin, is paying the hefty penalty for wrongfully revealing 62 pages of confidential details about a woman and her family to her estranged ex-partner.
The ex-partner asked to see the medical records of the former couple’s son. Staff at the GP practice disclosed the notes which also contained the woman’s contact details as well as information relating to her parents and another child not related to the ex-partner. This is despite express warnings from the woman to staff to protect her confidential details.
The reputation and financial consequences (not to mention the effect on patients) from a wrongful disclosure are incalculable. Such a data security breach could so easily have been avoided. According to the Information Commissioner's Office 46 per cent of all complaints made to the ICO last year were are about subject access requests.
I suspect many will understand how such a mistake can so easily have happened with real pressures of time and resources. But, it shouldn’t, there is no excuse. Most health and care organisations hold sensitive personal data face such requests every day. Staff must be fully trained and prepared to deal with these routine requests. In this case, the ICO investigation found that the GP had “insufficient systems in place to guard against releasing unauthorised personal data to people who were not entitle to see it”. You can read the ICO’s penalty notice here.
How well prepared is your organisation?
It is important that organisations protect their staff by providing proper support, training and guidance. The ICO’s SAR webinar offers organisations some top tips on managing and complying with requests for disclosure of confidential and sensitive personal data.
Do get in touch if you require help or advice.
Senior Policy Advisor
Register for My M&R to stay up-to-date with legal news and events, create brochures and bookmark pages.
Log in to your client extranet for free matter information, know-how and documents.
Mills & Reeve system for employees.
Added to your bookmarks
This will be stored in your bookmarks list for 90 days or until you remove it.
This page has been added to your brochure. To manage your brochure click on the button below.
Or click on
at the top of every page.