Stockport NHS trust ‘in breach’ of data protection law

An NHS trust with more than half a million patients each year has been found to be 'in breach' of a data protection law.
Stockport NHS Foundation Trust – which manages Stepping Hill Hospital – was audited by the Information Commissioner's Office (ICO), which published its findings in a report in June.
The Trust was found to have a 'reasonable level of assurance' in its processes overall, but a number of concerns were found in how it protects data.
These included its handling of requests for copies of personal information – known as subject access requests – which organisations normally have a month to respond to.
The report stated: 'The Trust does not meet the statutory response times for responding to all subject access requests and therefore is in breach of Article 15 of UK GDPR.
'The Trust should consider whether any processes should be amended to improve response times and must continue to monitor the response times to subject access requests at a high level.'

Issues were also found in how information is held and kept safe.
The ICO said the Trust's records are not 'completely accurate regarding the ownership of devices', which sparked worries about whether these are being given back to the Trust when required.
It also found that there were a 'significant number of devices in use at the Trust that are end of life or soon will be', which it said could make them 'more vulnerable to attacks'.
The report continued: 'The Trust does not have business continuity (BC) plans in place across all areas of the organisation which are subject to regular review and periodic testing to ensure they are effective and fit for purpose.
'Additionally, there is insufficient training being provided to staff who would be involved in implementing BC plans, which may reduce the effectiveness and timeliness of the Trust's response to a major incident.'
The Trust confirmed there had been two data breaches in the past two years, both of which happened in August 2023.
It said this was because two letters were sent to incorrect addresses, and that the incidents were reported to the ICO.

A spokesperson from Stockport NHS Foundation Trust added: "Data protection and security is extremely important to us. We recently undertook a voluntary audit with the ICO on areas of subject access and cyber security to enable a constructive process of continual improvement in these areas.
"We are currently working with the ICO to address areas highlighted which require improvement, and have agreed timelines for any actions to be addressed, which we are currently working towards.
"We are working proactively and in line with the national Data Security and Protection Toolkit to further strengthen areas around cyber security and subject access management, so that we can help ensure data safety."
An ICO spokesperson said: "Our audits play a key role in assisting organisations in understanding and meeting their data protection obligations.
"Stockport NHS Foundation Trust agreed to a consensual audit of its data protection practices, focused on information security and subject access requests (SARs).
"We made recommendations on key areas where compliance could be improved with further measures.
"While the compliance rate for SARs was low, we are satisfied that the Trust has committed to improving response times and reducing its backlog of requests."
~
Free from clickbait, Stockport Nub News is a quality online newspaper for our town.