Health service staff must be trained on data security following the scandal that saw junior doctors’ personal details placed on the internet, the Information Commissioner has ruled.
The government watchdog yesterday found that the Department of Health breached the Data Protection Act by allowing details such as sexual orientation and religious belief to go on the Medical Training Application Service (MTAS) website.
The department has been ordered to encrypt any personal data on its website that could cause distress to individuals if disclosed. It must also carry out regular testing to check applications’ and systems’ vulnerability to penetration by hackers, as well as train staff to comply with the Data Protection Act.
The Information Commissioner has required the Department of Health to sign a formal undertaking to comply with the principles of the Data Protection Act. Failure to meet the terms of this undertaking will lead to further enforcement action and possible prosecution.
Mick Gorrill, assistant commissioner at the Information Commissioner’s Office, said: “This is an unacceptable breach of security. Organisations must ensure that the personal information they hold on us is secure – this is an important principle of the Data Protection Act.”