Tuesday 03 October 2023
Select a region

HSC Data Protection concerns addressed

HSC Data Protection concerns addressed

Tuesday 20 December 2022

HSC Data Protection concerns addressed

Tuesday 20 December 2022

Concerns raised about data protection policies within Guernsey's health service in 2019 have been addressed.

The Committee for Health and Social Care has today assured patients that a minor breach three years ago was "taken very seriously at the time and measures put in place to avoid any further repetition".

HSC also said it is disappointed that the Office of the Data Protection Authority has highlighted this incident so long after it happened.


Pictured: The nature of the data breach is not known but it concerned section 27 of Guernsey's data protection laws.

The ODPA yesterday issued a statement concerning an inquiry it initiated to review the processes for handling personal data with a "specific service area" of HSC, following concerns raised by a member of the public. 

The ODPA said that HSC's data Controller did not respond "appropriately to a request for access to data and a request for data to be amended". It added that the Controller "also did not respond to a formal notice issued by the Authority in the way the Law required".

At the time it was found that the issues of concern were all related to "fairly basic errors in process" which are ODPA said are "concerning for any processing but particularly when the data is sensitive".

The data breach was said to concern section 27 of the island's data protection laws which sets out a Controller’s compliance obligations in response to a data subject requesting their data. The ODPA said that as a result of an individual's request HSC's Controller did disclose a "tranche of a data subject’s personal data in response to the request, but failed to include a document containing personal data until after the designated period had ended".

An enforcement order was issued to HSC meaning it was required to make "an improvement in processes within this service area".

HSC told Express: 

"This breach occurred in 2019. It was at the minor end of the scale but was taken very seriously at the time and measures put in place to avoid any further repetition. It is disappointing that 3 years later the ODPA has issued a public statement."



Sign up to newsletter



Once your comment has been submitted, it won’t appear immediately. There is no need to submit it more than once. Comments are published at the discretion of Bailiwick Publishing, and will include your username.

There are no comments for this article.

To place a comment please login

You have landed on the Bailiwick Express website, however it appears you are based in . Would you like to stay on the site, or visit the site?