Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information please take a look at our terms and conditions. Some parts of the site may not work properly if you choose not to accept cookies.

Join

Subscribe or Register

Existing user? Login

Law

Pharmacy incurs first ever UK data protection fine worth £275k

Doorstep Dispensaree, a dispensary supplying medicines to care homes in London, has incurred the UK’s first ever fine for breaching the General Data Protection Regulation.

Pile of pound coins

Source: Shutterstock.com

Doorstep Dispensaree, in Edgware, London, has been fined £275,000 for breaching data protection law

A London pharmacy has been fined £275,000 for its “cavalier attitude to data protection”, having left 500,000 patient records in an unsecured location since at least May 2018.

The fine, issued by the Information Commissioners Office (ICO) on 17 December 2019, is the first to be issued under the General Data Protection Regulation (GDPR), which came into force on 25 May 2018.

Doorstep Dispensaree, on Burnt Oak Broadway in Edgware, was found to have left “approximately 500,000 documents” in unlocked crates, disposal bags and a cardboard box in a rear courtyard of the premises.

According to an enforcement notice issued by the ICO, the documents contained names, addresses, dates of birth, NHS numbers, medical information and prescriptions dated from between January 2016 to June 2018.

The ICO said the documents were “not secure and they were not marked as confidential waste”, adding that some “were soaking wet, indicating that they had been stored in this way for some time”.

The ICO said it was unable to confirm the exact duration of the data breach but said it was “satisfied that it has been occurring, to some extent, since at least 25 May 2018”.

An accompanying ICO penalty notice, also published on 17 December 2019, said: “The data subjects can be very readily identified and linked to data concerning their health.

“Given the nature of Doorstep Dispensaree’s business supplying medicines to care homes, it appears likely that a high proportion of the affected data subjects are elderly or otherwise vulnerable.”

While the ICO said the number of people “affected by the breach cannot be confirmed,” it estimated that the documents “related to around 78 care homes”.

“Regardless of the exact number of care homes involved, given the volume of documentation and size of Doorstep Dispensaree’s business, it appears likely that hundreds and possibly even thousands of data subjects have been affected,” the penalty document said.

The Medicines and Healthcare Regulatory Agency (MHRA) initially discovered the storage of documents in the pharmacy’s courtyard on 24 July 2018, while it was conducting its own investigation into alleged unlicensed and unregulated storage and distribution of medicines by the pharmacy.

The information from the MHRA led the ICO to begin investigating the company’s compliance with GDPR on 15 August 2018, which found that most of the pharmacy’s procedures relating to data processing had not been updated since April 2015 – three years before the introduction of GDPR.

The ICO concluded that the company had failed to ensure the “appropriate security” of the personal data it processes and had “processed personal data in an insecure manner”, in contravention of GDPR Articles 5(1) (f), 24(1) and 32.

In deciding on the appropriate penalty for the pharmacy, the ICO said it “considers that the breach was extremely serious and demonstrates a cavalier attitude to data protection”, adding that the commissioner “is mindful that the penalty must be effective, proportionate and dissuasive”.

“Taking all the above factors into account, the commissioner has decided to impose a penalty in the sum of £275,000,” the penalty notice said, which the pharmacy will be expected to pay by 17 January 2020.

The penalty notice states that no further action was taken in regard to the MHRA’s initial investigation, as it concluded that there was insufficient evidence to support a reasonable prospect of conviction.

Steve Eckersley, director of investigations at the ICO said: “The careless way Doorstep Dispensaree stored special category data failed to protect it from accidental damage or loss.

“This falls short of what the law expects and it falls short of what people expect.”

The Pharmaceutical Journal has approached Doorstep Dispensaree for comment.

Citation: The Pharmaceutical Journal DOI: 10.1211/PJ.2019.20207504

Have your say

For commenting, please login or register as a user and agree to our Community Guidelines. You will be re-directed back to this page where you will have the ability to comment.

Recommended from Pharmaceutical Press

  • BNF and BNF for Children

    BNF and BNF for Children

    Now available as a 1 year print subscription to both the BNF and BNFC, ensuring you have the latest medicines information as it publishes and at a greatly reduced price.

    £138.50Buy now
  • BNF and BNF for Children

    BNF and BNF for Children

    Now available as a 2 year print subscription to both the BNF and BNFC, ensuring you have the latest medicines information as it publishes and at a greatly reduced price.

    £262.50Buy now
  • Pharmaceutical Statistics

    Pharmaceutical Statistics

    This book on basic statistics has been specifically written for pharmacy students.

    £33.00Buy now
  • Patient Care in Community Practice

    Patient Care in Community Practice

    Patient Care in Community Practice is a unique, practical guide for healthcare professionals or carers. Covers a range of non-medicinal products suitable for use at home.

    £22.00Buy now
  • Clinical Pharmacokinetics

    Clinical Pharmacokinetics

    A practical guide to the use of pharmacokinetic principles in clinical practice. Includes case studies with questions and answers.

    £33.00Buy now

Search an extensive range of the world’s most trusted resources

Powered by MedicinesComplete
  • Print
  • Share
  • Comment
  • Save
  • Print Friendly Version of this pagePrint Get a PDF version of this webpagePDF

Jobs you might like

Newsletter Sign-up

Want to keep up with the latest news, comment and CPD articles in pharmacy and science? Subscribe to our free alerts.