• Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.

Potential Data Protection Act 1998 Breach

Collapse
Loading...
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Potential Data Protection Act 1998 Breach

    Hi all,

    I have an issue I am hoping to get some input on.

    Background

    My local NHS Trust is a data controller as defined under section 1 of the Data Protection Act 1998 and is responsible for the processing of data of which I am the data subject.

    In December 2015, I submitted a complaint to a psychotherapy regulator in regards to the one of the Trust’s psychotherapists.

    The psychotherapist subsequently disclosed/shared my sensitive personal data to both the regulator and his representative whom he commissioned to assist him in defending the complaint. The psychotherapist nor the Trust gained my explicit consent.

    The issues

    My personal data was disclosed/shared with the regulator and the psychotherapist's representative. This data is defined as sensitive personal data under section 2 (e) and section 2 (h) of the Data Protection Act 1998.

    The 1st data principle is set out as follows:

    “1 Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless—

    (a) at least one of the conditions in Schedule 2 is met, and


    (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.”

    The Trust have failed to demonstrate at least one of the conditions in Schedule 3 was met. I have lodged a formal NHS complaint and they simply argue the sharing of the data "was relevant and pertinent to the issues".

    Moreover, the Trust have failed to have regard for the lawfulness of the disclosing/sharing of the data, particularly in relation to confidentiality laws.

    Moreover and on the face of it, the psychotherapist has contravened section 55 of the Data Protection Act 1998.

    Is there a a cause of action? I have sent the ICO a concern but they really are a toothless bunch.

    Also, the Trust's solicitors have been very evasive and elusive in responding to my letter before action. They argue the Trust has already taken all "reasonable and proportionate steps" as required under the pre-action protocol/Practice Direction and fail to offer a full and detailed defence. I should be grateful for any assistance here.

    Many thanks.
    Tags: None

  • #2
    Re: Potential Data Protection Act 1998 Breach

    Not a sausage.

    Comment

    View our Terms and Conditions

    LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

    If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


    If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.
    Working...
    X