Plymouth Hospital NHS Trust has been ordered to pay one of its patients damages for breach of the Data Protection Act after one of its staff had unlawfully accessed the patient’s details, contrary to the Data Protection Act. According to a blog post from the barrister who represented the successful claimant – http://www.unitystreetchambers.com/blog/?p=131 – the patient was awarded £12,500 for exacerbating his paranoid medical condition and £4,800 for loss of earnings. The person who had unlawfully accessed his personal data was a nurse at the hospital and his partner at the time.
Paul Gershlick, a Partner and Head of the Pharmaceutical and Life Sciences sector at Matthew Arnold & Baldwin LLP, comments: “This case shows that any organisations involved with people’s health data must be careful to ensure that their employees do not misuse the data and that they take adequate safeguards to protect it. Health data about individuals falls within the category of sensitive personal data and is a higher class of data that is protected under data protection laws. That said, this outcome would probably have been the same regardless of the fact that the data misused was within the category of sensitive personal data.”