Archive for May, 2012

Passport fraud goes unchecked – Foreign Identity Document examinations required by HR

Confirming an applicant’s identity is a common practice for HR professionals within the US, and many tools are available to HR and background screeners for doing so. That said, extra emphasis should be placed on documents that come from abroad, which should be closely examined by experts in such documents. Passport and identity fraud runs rampant in a number of countries, as illustrated in this recent story.

The Regional Passport Office has identified at least 50 cases this year where the applicants, in connivance with passport agents, produced fake verification certificates supposedly from IAS officials, police and army officials. The Regional Passport Officer Mr K. Srikar Reddy said, “We have revoked 50 passports which were obtained under the Tatkal Scheme by producing fake documents. While cross checking we found that the verification certificates were not issued by the officials concerned.”

The Begumpet police had earlier booked a case of fake verification certificates involving army officials. A seven-member gang was arrested for forging signatures of senior army officers for the purpose of Tatkal passports. The Saifabad police booked a case after a passport agent forged the signature of an IAS officer on the verification certificate. Market inspector of police S. Vinod Kumar said, “Ever since the Passport Seva Kendra opened in Ameerpet, Begumpet and Toli Chowki, the concerned police stations have been booking cases of submission of fake verification certificates which were earlier being booked by us when the passports were issued at the RPO Secunderabad. Of the 14 cases booked, two are related to these fake verification certificates.” He also added that passport agents who were cheating the public were also amongst those arrested.


ICO fines NHS £70,000

May 1, 2012

The Information Commissioner’s Office has issued its first significant monetary penalty following a serious data protection breach by an NHS body.

The Information Commissioner’s Office (“ICO”) has taken action following an administrative error by Welsh health board, Aneurin Bevan Health Board (“ABHB”), which led to a serious breach of the Data Protection Act 1998 (“DPA”).

As the ICO gets used to using its new powers to issue substantial fines, all organizations which handle personal data need to ensure they are complying with their obligations under the DPA and have the necessary measures in place to avoid serious breaches occurring.


Section 55 of the DPA came into force on 6 April 2010 and allows the ICO, where there has been a serious contravention of the Act, to serve a monetary penalty notice on data controllers. The maximum penalty that can be imposed is £500,000.

What did they do wrong?

The error, which occurred in March 2011, meant that a highly sensitive report containing details of a patient’s health was sent to a former patient who had a similar name. A letter which had been drafted by a consultant and emailed to his secretary for formatting failed to identify accurately the patient to whom it should have been sent. The draft letter misspelt the name of the patient and did not contain sufficient additional details to identify the patient concerned. Furthermore, the letter was not checked prior to it being sent.

The investigation carried out by the ICO into the incident concluded that ABHB did not have in place sufficient checks to prevent personal data being sent to the wrong person and that the members of staff involved had not received any DPA training. An exacerbating factor was that the inadequate procedures followed in this instance were replicated across ABHB.

What was the penalty?

As a result of this incident ABHB has become the first NHS organization to be fined by the ICO.

The ICO has not only issued a fine of £70,000 to ABHB (which will be reduced to £56,000 if early payment is received) but also required it to sign an undertaking with a view to ensuring that all personal data it holds is processed in accordance with the DPA.

Following its investigation into this matter, the ICO had particular concerns about ABHB’s internal practices and the undertaking also includes measures to deal with these, including implementing:

  • new checks across the organization to ensure that patients’ identities are established before any documentation containing personal data is issued;
  • the provision of training for staff;
  • putting in place and maintaining appropriate IT and other security measures; and
  • regular monitoring of compliance with the DPA.

This decision comes shortly after the ICO indicated that it would be focusing on, amongst others, the health sector in respect of responses to subject access requests. It has highlighted that notice should be taken of this decision by those operating within the health sector and stated that it is vital that the health service ensures that it has appropriate DPA compliance procedures in place.

The future

The Information Rights Strategy that was published by the ICO at the end of 2011 made clear that it would be taking a robust approach to DPA compliance over the coming year. This decision reflects that approach and should be seriously considered by those organizations and employers operating within the health sector.

Future enforcement action by the ICO is likely to be significant, particularly in view of the European Commission’s proposals for reforming the approach to data protection across the European Economic Area.

Tips for organizations

  • Ensure that all your employees are trained on handling personal data, particularly those who process it on a day-to-day basis.
  • Consider carrying out a data protection audit to establish the level of compliance with the DPA within your organization and, if necessary, to decide how this can be improved.
  • Ensure that you actively promote, implement and monitor compliance – it is not enough to have written policies in place if they are not enforced.

Source: Shoosmiths.
