The Importance of Effective Policies and Training in Data Protection: Lessons from a Scottish Hospital Breach | Thomas Fox – Compliance Evangelist

NHS Lanarkshire faced a data breach when staff used unauthorised platform, WhatsApp, to share confidential patient data during the pandemic. The UK Information Commissioner’s Office (ICO) found the health service lacking in data protection policies, resulting in unauthorised data sharing. Jonathan Armstrong stressed the importance of data protection impact assessments, employee training, policy enforcement, and balancing reward and accountability for data breaches, in managing data privacy and protection.