We would like to make the following statement regarding the recent verdict in the data breach case involving a former States of Guernsey employee accessing confidential patient records:
‘As the local data protection regulator, we have been following this case carefully. We await the opportunity to review the judgement in detail which will allow us to consider what steps, if any, may now be appropriate from a regulatory perspective. We would like to emphasise that this matter was dealt with under The Data Protection (Bailiwick of Guernsey) Law, 2001, which was repealed in May 2018 and replaced by The Data Protection (Bailiwick of Guernsey) Law, 2017 which provides increased statutory obligations for both organisations and individuals, as well as more comprehensive enforcement powers.’
It is an opportune moment to remind everyone handling personal data of the importance of committing to, and investing in, high standards of compliance. Failing to do so risks undermining trust and confidence in a very serious way.