Harkanwarjit Dhanju, a pharmacist who worked for a Primary Care Trust has been prosecuted by the Information Commissioner’s Office (ICO) under S.55 of the Data Protection Act, after unlawfully accessing the medical records of family members, work colleagues and local health professionals.

Dhanju was fined £1000, ordered to pay a £100 victim surcharge and £608.30 prosecution costs. Dhanju did have responsibility for handling medication reviews for patients in local residential care homes with dementia and other mental health issues, but a manager uncovered that Dhanju was using his security pass to access unrelated medical records and the matter was reported to the ICO.

The case serves as a reminder that within an organisation’s data protection policy it should be clearly set out that unlawfully obtaining or accessing personal data is a criminal offence under S.55 of the Data Protection Act 1998 and this needs to be reinforced in staff handbooks and training.

Content Note

The aim is to provide summary information and comment on the subject areas covered. In particular, where employment tribunal and appellate court cases are reported, the information does not set out full details of all the facts, the legal arguments presented by the parties and the judgments made in every aspect of the case. Click on the links provided to access full details. If no link is provided contact us for further information. Employment law is subject to constant change either by statute or by interpretation by the courts. While every care has been taken in compiling this information, SM&B cannot be held responsible for any errors or omissions. Specialist legal advice must be taken on any legal issues that may arise before embarking upon any formal course of action.