South West Yorkshire Partnership Data Breach (2015)

The Information Commissioner (the 'Commissioner') was informed on 19 July 2013 that the Trust had disclosed a discharge letter relating to one patient to an unrelated third party. On further investigation it was discovered that the two discharge letters both ended up in the same envelope, which was not checked before it was sent. The Trust had in place a Safe Haven Policy which included a section on posting information, but did not cover the need to check documentation containing personal data before it is sent (for any format). The Commissioner was later informed of four further similar incidents that occurred after this incident. One incident involved a letter being sent to the wrong address following an address not being updated, two involved letters being sent to an address that had been incorrectly written or recorded, and one further case was almost identical to the first reported breach, in that a community treatment order for one individual was placed with a letter intended for another individual.