Manx Care fined £170,500 for infringing data protection laws

But commissioner will stay payment until end of the year

Manx Care has been fined £170,500 by the Island's Information Commissioner for infringing data protection laws.

In October, last year, the organisation emailed an insecure attachment containing a patient's medical details to more than 1,870 recipients.

At that time Manx Care was already subject to an enforcement notice and a further notice was issued in February this year.

The financial penalty has been imposed for failing to comply with those two notices – however the commissioner has decided to stay payment of the penalty until 31 December. 

That’s to give Manx Care another opportunity to take necessary technical, and organisational, measures in place by the end of the year.

If Manx Care fails to do this the fine will become payable.

In a statement the commissioner states that it’s 'unacceptable for such a significant personal data breach to occur'.

You can read the Information Commissioner's full statement HERE.

Manx Care says it acknowledges the ‘significant failures’ outlined in the enforcement notice which make for ‘uncomfortable reading’ and has apologised. 

It’s described the breaches as ‘historical’ and say they date back to 2020 when they were first raised with the then Department of Health and Social Care. 

In a statement the health body adds: "This enforcement has provided a stark and important warning to Manx Care about our current level of compliance with data protection legislation and we hope that the public can be reassured around our future intent."

"Once again, we would like to take this opportunity to offer our sincere and unreserved apologies for the repeated failures and infringements that have occurred, and for the impact this will undoubtedly have had on those individuals whose data was breached through no fault of their own."

You can find Manx Care's full statement HERE.