Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.

Snooping public sector staff are accessing your private health records and personal data

Post Thumbnail

Thousands of sensitive documents carrying YOUR private data are being illegally shared by public sector workers.

A Sunday Post probe has discovered hundreds of police, NHS and council staff have accessed highly secret personal files meant to be kept away from prying eyes.

The most common breaches involve workers snooping into the lives of people they know, including relatives, neighbours and friends.

In some cases highly confidential data has been openly “shared” among groups of colleagues. In others, people’s private details have even been sold on for material gain.

Yet, despite the breaches, as many as a third of the perpetrators are let off without being reprimanded.

Daniel Nesbitt, of civil liberties group Big Brother Watch, said: “Breaches of data protection are an all-too-regular occurrence. Until real deterrents are put in place this problem will just get worse.”

The Sunday Post investigated the data protection breaches of our three biggest publicly-funded institutions the NHS, Police Scotland and our 32 local councils.

A total of 900 NHS workers have been caught breaching the Data Protection Act, which sets out the strict guidelines on how your personal information is used by organisations, businesses or the government, since 2010.

At Scottish councils, at least 300 staff broke the rules either deliberately or accidently, with teachers, housing chiefs and Education bosses all illegally sharing data, losing unencrypted laptops, phones and tablets, and posting sensitive information about others online.

And 37 police officers have been disciplined for similar offences since 2009.

Some of the most shocking breaches stem from the NHS. They include numerous cases where staff have accessed the records of patients without authority, sharing sensitive data on social media, and illicitly browsing through the records of family and friends.

One nursing and midwifery worker in Aberdeen was forced to delete videos of a patient taken within hospital grounds, while an NHS Lothian employee used a mobile phone to take a picture of a “patient-identifiable record”.

Disciplinary action has been taken against staff who have deliberately stolen files and shared them with third parties, while one NHS Tayside blunder saw the details of 500 patients inadvertently posted to a member of the public.

Despite that, aone in five faced no disciplinary action at all.

Dr Jean Turner, of the Scotland Patients Association, said the breaches are more than harmless banter.

She said: “People forget that information is only supposed to be in your hands if you need to know. To find that so much is being looked at by others is extremely worrying.

“It’s shocking that an organisation as big as the NHS doesn’t have measures in place at all times to prevent such breaches.

“It is wrong and can have terribly damaging effects to those involved if private information is put out in the open.”

Twenty-two of Scotland’s 32 local councils confirmed they’ve dealt with a combined 298 cases of data breaches.

Despite that figure being well below that of the NHS, 36% of all those found ignoring guidelines had no action taken against them.

A Police Scotland spokesman said: “All employees receive training about the Data Protection Act and the importance of lawfully handling the information held on our systems. Any inappropriate use is treated very seriously and our staff are aware of this.”

A spokesman for NHS Scotland said: “We take patient confidentiality very seriously and believe any data breach is unacceptable.”

Council umbrella body Cosla said: “Obviously councils take this issue very seriously and try to avoid data protection breaches at all costs.

“The bottom line is that with the amount of data handled by councils the number of breaches over a five-year period is not overly excessive. Councils work with the information commissioner to ensure lessons are learned.”