The data breaches were caused by sending letters with personal health information to the wrong addresses. They all occurred between 28 January 2012 and 18 June 2013. Three of the four breaches were the result of inadequate data protection training for temporary staff, despite their roles routinely involving handling personal information. The trust was also woefully unprepared for a data breach, with no measures in place to check whether letters were addressed to the correct address before they were sent. After an investigation, the trust was required to sign an undertaking with the ICO that stipulated plans for improving data protection.
If you hire temporary workers who handle personal information, make sure to comply with the eight principles of the Data Protection Act that ensure personal information is:
•Processed fairly and lawfully.
•Handled for limited purposes.
•Adequate, relevant and not excessive.
•Accurate and up to date.
•Kept only for the necessary amount of time.
•Managed in line with individual rights.
•Stored only in countries with adequate data protection laws.