Active discussions

Meet the Other Phone. Protection built in.

Meet the Other Phone.
Protection built in.

Buy now

Please or to access all these features

Talk
AIBU?

Share your dilemmas and get honest opinions from other Mumsnetters.

Original poster

What would you do if you got a copy of someone else’s confidential GP records

230 replies

Twinkletoesandspaghettios · 09/05/2026 23:09

No poll just wondering exactly what you would do?

The summary care report was in with mine and had name, address, DOB, full medical history including details on social services and CAMHS involvement

OP posts:
AllTheChaos · 10/05/2026 22:40

Su1rlie · 10/05/2026 07:42

I can’t believe I’m reading posts like this! It’s massive breech and they would be interested. Those working in education and public services do data training every year for this very reason. Things like this absolutely should not happen. I’d be beyond livid if those were my notes. The patient deserves to be told and it definitely needs to be reported.

Show quote history

Sorry to say but it’s really not a massive breach! It was one person, and no harm or disbenefit to them can be demonstrated. Now the time that the MoD left a load of old style computers in a decommissioned office, and they were nicked, and turned out to have the details of all the Muslim applicants to the armed forces (names,
home addresses etc), putting them at risk of attack, that was more in line with ‘major breach’ standards.

AllTheChaos · 10/05/2026 22:45

weirdshape · 10/05/2026 08:05

The ICO is useless and I dont even see the point of them. I reported a major breach of my father's data - the NHS "lost" the last 6 months of his medical notes before he died and I reported it to ICO. They did nothing. All they did was give me a reference number and I never heard anything from them again, despite me badgering them about it.

Ive also reported other things- never heard anything back.

I really dont see the point of them if they arent going to act.

They will have acted, they just may be not have done what you expected. It organisation had something like this happen the ICO would be looking at how and why the breach happened. If staff training was inadequate say, or the policies were poor or not followed properly, the ICO would expect us to detail what we were going to do to improve matters, and for us to then show within an agreed timescale that these changes had been made. You wouldn’t be aware of any of this though.

LeftieRightsHoarder · 10/05/2026 23:16

I received a letter once from our local hospital, which I opened and read at once because I was expecting one. I soon realised it was for an elderly man who was having cancer treatment.

It was about his chemotherapy appointments so it needed urgent action.
I rang the hospital department and left a voicemail message, emailed them a copy of the letter, and rang the GP named in the letter. It had the patient’s address on it, so I think I also posted it to him — hope I did, but can’t remember all the details as this was years ago.

I’ve found that the NHS is often let down by its clerical staff. Apparently, at our hospital at least, it’s all contracted out, and subcontracted. Sneaky privatisation by the back door, at great expense and inconvenience to the NHS.

weirdshape · 11/05/2026 06:40

AllTheChaos · 10/05/2026 22:45

They will have acted, they just may be not have done what you expected. It organisation had something like this happen the ICO would be looking at how and why the breach happened. If staff training was inadequate say, or the policies were poor or not followed properly, the ICO would expect us to detail what we were going to do to improve matters, and for us to then show within an agreed timescale that these changes had been made. You wouldn’t be aware of any of this though.

Show quote history

No, they havent acted. They logged it, gave me a reference number and that was it. They never followed up with me which is what they are SUPPOSED to do, never updated me, when I rang them multiple times they still said they hadn't processed it.

If they wont act on something as serious as this why are you so convinced they are massively efficient:

Statistics and court cases tell one side of the ICO’s decline. But behind every complaint or breach lies a human story – often one of profound harm made worse by the ICO’s inaction. Perhaps the most chilling example is an incident described in a previous Legal Lens report: a woman who was raped, and whose attack was captured on CCTV . Both the police and a car park owner held video evidence of her being dragged into a car by the attacker. Yet, disturbingly, this crucial footage was never turned over to the victim. When she exercised her data rights by filing a Subject Access Request (SAR) to obtain the CCTV of her own assault, her request was rejected. She then turned to the ICO – the very body tasked with enforcing individuals’ right to access their personal data. The ICO was presented with this blatant violation of the law and a plea for help in a situation with life-altering stakes. And it did nothing. The ICO failed to issue any enforcement order or sanction, effectively allowing authorities to suppress evidence of a rape and leaving the victim with no recourse . Justice was not just delayed; it was flat-out denied.

This is not an isolated anecdote. Every unresolved complaint of a data breach, every ignored subject access request, represents a person potentially denied their rights – sometimes in situations of serious wrongdoing or abuse. Whistleblowers have reported employer data deletions, victims of hacking have sought help, employees have faced blacklisting – and too often, the ICO’s response is a form letter or deafening silence. In that silence, wrongdoers find impunity. As I argued back in January, “the ICO isn’t just failing to protect the public; it’s actively enabling wrongdoing by refusing to act.” When organisations learn that Britain’s data regulator will likely do nothing even when faced with egregious violations, it creates a perverse incentive: break the law, ignore individuals’ rights, and chances are you’ll get away with it.

You can carry on believing the ICO are everyone's knights in shining armour but I sincerely hope you never need them one day because if you do, you're on your own!

Holdonforsummer · 16/05/2026 17:56

Yes but you’re not the one whose data was breached? They will be following up with that person, not you.

New posts on this thread. Refresh page