The health sector handles some of the most sensitive personal data, and patients have the right to expect that information will be looked after.

According to the ICO, in last financial year there were more than 200 self-reported breaches of data being posted or faxed to the incorrect recipient in health sector.

You should ensure there is a formal records management training programme comprising mandatory induction and periodic refresher training for all staff with access to personal data.