Manx Care fined £170,500 for breaching data protection laws


But the commissioner will suspend payment until the end of the year

Manx Care has been fined £170,500 by the island’s Information Commissioner for breaching data protection laws.

In October last year, the organization emailed an unsecured attachment containing a patient’s medical details to more than 1,870 recipients.

At that time, Manx Care was already subject to an enforcement notice and another notice was issued in February this year.

The financial penalty was imposed for failing to comply with these two notices – but the commissioner decided to suspend the payment of the penalty until December 31.

This is to give Manx Care another opportunity to have the necessary technical and organizational measures in place by the end of the year.

If Manx Care fails to do so, the fine will become payable.

In a statement, the commissioner says it is “unacceptable that such a significant personal data breach is occurring”.

You can read the full statement from the Information Commissioner HERE.

Manx Care says it recognizes the “significant failures” described in the enforcement notice that make it “uncomfortable reading” and has apologized.

He describes the breaches as ‘historic’ and says they date back to 2020 when they were first raised with the then Department of Health and Social Care.

In a statement, the health body adds: “This app has provided a clear and important warning to Manx Care regarding our current level of compliance with data protection legislation and we hope the public can be reassured of our future intent.”

“Once again, we would like to take this opportunity to sincerely and unreservedly apologize for the repeated failures and breaches that have occurred, and for the impact this will no doubt have had on the individuals whose data has been compromised. violated through no fault of their own.”

You can find Manx Care’s full statement HERE.


Comments are closed.