Royal Gwent Hospital Data Breach (2015)

A nursing auxiliary has been fined for accessing a patient’s medical records without a valid legal reason. Marian Waddell, 61, was working at the Royal Gwent Hospital in Newport when she unlawfully accessed the records of the patient, who was known to her, on six occasions between July 2015 and February 2016. She did so without a valid business reason and without the knowledge of the data controller, the Aneurin Bevan University Health Board. Waddell, of Walsall Street, Newport, admitted unlawfully accessing personal data in breach of s55 of the Data Protection Act 1998 when she appeared at Cwmbran Magistrates’ Court. She was fined £232 and was ordered to pay £150 costs as well as a £30 victim surcharge.