Information Commissioner's Office Files First GDPR Fine for Doorstep Dispensaree

This is a good example of why organizations must address two critical areas of compliance that often seem to fly under the radar still today: retention and paper records. The "careless" storage of patient data and failure to effectively operationalize data retention contravened various articles in the GDPR and was sufficient enough for the ICO to award this hefty fine. Unfortunately for the London pharmacy, this has become a well-known case study for others to learn from. – Staurt Davidson

Why This Privacy Law is Important:

Doorstep Dispensaree has been fined £275,000 (U.S. $356,000) for the disposal of records about nursing home residents. While Marriott and British Airways have also received penalties, this is the first fine issued for failing to ensure the security of these physical patient documents.

Overview:

The London-based company Doorstep Dispensaree, which supplies medicine to thousands of elderly nursing home residents, improperly retained and stored away 500,000 medical documents containing personally identifiable information (PII). The documents were found outside their offices in unsecured containers that had been exposed to the elements.

The PII included…

  • Patient Names
  • Birth Dates
  • Medical and Prescription Information

It’s estimated that hundreds, if not thousands, of individuals could have been impacted by the improper disposal of these files.
