The Information Commissioner’s Office (ICO) has ruled that the Department of Health (DH) breached the Data Protection Act following leaks of personal information about junior doctors.
The breach of the Medical Training Application Service (MTAS) website occurred earlier this year, and meant personal details relating to junior doctors, could be seen by anyone using the site.
Channel 4 News alerted the ICO to the breach and the DH suspended the site while the allegations were investigated. The whole system was finally scrapped in May amid calls for former health secretary Patricia Hewitt to resign.
In a statement the ICO said: “In order to protect against unauthorised access, the Department of Health has been required to encrypt any personal data on their website which could cause distress to individuals if disclosed.
“The ICO has required the Department of Health to sign a formal undertaking to comply with the principles of the Data Protection Act.
“Failure to meet the terms of the undertaking is likely to lead to further enforcement action by the ICO and could result in prosecution by the office.”
A DH spokesman said: “We take data protection very seriously. We are not using a national IT system for speciality training recruitment in 2008.
“Deaneries will arrange their processes locally. Any future national application systems will be implemented only after careful consultation with doctors, proper piloting and rigorous security checks.”
Copyright © PA Business 2007