So this is all about just one doctor? Or did you mean to write doctors' each time you wrote doctor's?

Fraser I don't think the approach is perfect, but (hopefully) the ICO coming in and giving the NHS a good telling off will cause a cultural shift and force them to take more care about personal data and improve things for the next time. (This is probably very optimistic but that is what the ICO is attempting).

What would the point of fines be? For a company it has a (kind of) direct impact on the shareholders who then presurise the company in performing better (assuming the fines are more than a tiny blip on the balance sheet). In the companies case therefore the fine has a purpose.

For a tax payer funded organisation what is the point of a fine? All it does is give a big monetary figure of how bad the NHS has been and ultimately result in less tax payers money being spent on what the NHS is meant to be spending it's money on. The actual fine will probably end up back in the Treasuries bank account and will probably be instead spent on consultants or some other waste of tax payers money. I doubt neither the ICO or NHS will get the money back. So the net result of a fine would be to punish the tax payer and waste their money.

"penetration and vulnerability testing on developing apps" hahaha

This was never piloted. The pilot was 30 000 trying to log on at once. There were never any nodes available to service any requests and it was clearly designed by people who are incompetent with regarsd to security.

It wasn't the DoH, it was subcontracted out to Methods Consulting. I am reliably informed that the guy who wrote the whole thing is a very nice person and was very upset by the whole affair. Well that makes it alright then. I am surprised they are not mentioned by name.

Someone should have lost their job over this. Instead they just have to promise to behave next time.

COI: One of those affeceted by this tragic system