In November 2020, an investigation was launched into Lloyds Pharmacy after a woman in Scotland received hundreds of confidential medical documents which were intended for NHS prescription services in Bolton, Greater Manchester. Although the box was marked ‘Delivery of Data to NHS on behalf of Lloyds Pharmacy’, a courier error led to it being delivered to the woman’s home address in Elgin, Moray – despite her having no affiliation with the NHS whatsoever.
The package constituted a carrier bag containing ‘a stack of hundreds of prescriptions from places like Bedfordshire and Milton Keynes’.
The personal data inside the package included:
- home address
- GP practice
- prescription history
A Lloyds Pharmacy spokesperson said: “After carrying out a thorough investigation, we can confirm that this incident was the result of a courier error. The prescriptions were secured by our Data Protection Officer within 24 hours and we’re pleased to confirm that this was not a reportable data breach.”
Despite what Lloyds Pharmacy has said, this personal data breach shows the inadequacies of the security measures taken to keep personal data safe. Allowing such sensitive, identifiable information to be sent to the wrong address posed a risk those individuals’ data rights and freedoms.
If you’ve been contacted regarding this breach or have been affected by something similar then get in touch with us today using the contact form.