In November, a team from the Information Commissioner’s Office was due to start auditing Southern Health’s compliance with The Data Protection Act 1998 and (presumably) the Freedom of Information Act 2000. The current status of the audit is unknown.
In respect of the former Act, the Information Commissioner possesses compelling evidence of breaches of the 4th Principle (data accuracy); proof of breaches of the 7th Principle (data security); and proof of failure to fulfil a subject access request. In 2014-15, Southern Health refused to take action prescribed by the Information Commissioner and the Department of Health to comply with the Act.
It appears that the Mazars review exposed serious issues relating to data processing too.
Anyone with information governance issues relating to Southern Health should write direct to the Commissioner (enclosing evidence) and ask him to pass it to his audit team:
Mr Christopher Graham, Information Commissioner, Information Commissioner’s Office, Wycliffe House Water Lane, Wilmslow, CheshireSK9 5AF
It is more effective than going through the call centre!
Unlike most Chief Executives in the public sector Mr Graham often replies personally.