ICO reports data-training improvements at NHS trust

Written by Jim Dunton on 21 March 2016 in News

Cambridgeshire Community Services NHS Trust has improved some of the information governance issues exposed by investigations into a series of data losses and thefts, according to the Information Commissioner’s Office.​

Trust chief executive Matthew Winn entered into an improvement undertaking with the ICO last year after a probe into the data breaches at the organisation, which provides a range of health services to residents in Cambridgeshire, Norfolk, Suffolk and Bedfordshire.

While the ICO investigation found that none of the incidents appeared to have caused substantial damage or distress to the individuals affected, it was discovered that trust employees were only required to refresh their information governance training every two years. An annual requirement was introduced nationally in 2013.

The ICO said the level of required mandatory annual refresher training at the trust had been “poor” at the time the improvement undertaking was signed. 

Related content

Police chief signs data-protection undertaking after ICO exposes failings

Cambridgeshire broadband take-up triggers £5.3m boost from BT

In its just-published follow-up report, the ICO said the trust had confirmed the introduction of a range of measures to ensure information governance training was kept up to date.

It said an electronic staff record system had been introduced to enable monitoring of staff compliance with e-learning training on the Health and Social Care Information Centre website.

The ICO said the system was able to identify staff who were on long-term sick leave, maternity leave or secondment, ensuring compliance statistics were recorded accurately.

The follow-up report also said that e-mail reminders were sent to staff about their IG training, which had to be completed within three months of employment commencing, and annually thereafter.

The ICO said: “The review demonstrated that the trust has taken appropriate steps and put plans in place to address the requirements of the undertaking and to mitigate the risks highlighted.”

The improvement undertaking, signed by Winn and ICO head of enforcement Stephen Eckersley in July 2015 suggested that at the time of the data-loss incidents the previous year, only 49% of staff were compliant with information governance training requirements, and that a target of achieving full compliance by March 2015 had been missed.

The ICO said compliance had reached 95% by September 2015.

Share this page




Please login to post a comment or register for a free account.

Related Articles

‘Treated as suspects’ – ICO calls for end to excessive demands for personal data of rape victims
31 May 2022

Information commissioner tells forces to immediately stop gathering info in a manner he claims is putting a major dent in conviction rates

NHS Covid Pass set to be phased out within nine months
6 July 2022

Government is considering ‘transition options’ ahead of planned closure of programme for vaccination certification

EXCL: Wall of silence surrounds plan for nationwide collection of citizens’ internet records
26 May 2022

Online notice reveals controversial trials are to be expanded into a national service – about which government, law enforcement, watchdogs and all the UK’s major ISPs declined to answer questions...

ICO hits facial recognition firm with £7.5m fine and order to delete all UK data
25 May 2022

Regulator finds that collection of online images was not fair, transparent or lawful