You are:

glasses4c

 

 

Statement on data error

12 Jan 2016

Back to news listing

Before Christmas we notified registrants and stakeholders that we had made an error processing registrants’ personal data. We incorrectly shared the contact addresses of fully qualified registrants with three organisations working within the optical sector.

We would like to reiterate the apology we made for this error and are now able to provide more information about what happened.

Who received the information?

The three recipients were Vision Express, the University of Manchester and Reed Business Information. We would like to emphasise that the organisations only requested data that is publicly available on the register. None of the three organisations were in any way at fault and we would like to thank them for their cooperation in deleting the data that we incorrectly shared.

Vision Express alerted us to the error, confirmed that they did not use the data at all, did not pass it on to any third party and permanently deleted it.

The University of Manchester used the data once to facilitate an annual review of contact lens prescribing amongst UK registered optometrists and contact lens opticians. The anonymous prescribing data were collected, processed and then summarised in an article published in Optician in September 2015. They have not passed the data on to any third party and have permanently deleted it.

Reed Business Information made two uses of the data to contact registrants by post on behalf of Optician magazine, in respect of a subscription offer. They have not passed the data on to any third party and have permanently deleted it.

Why did the GOC sell registrants’ data?

Some registrants have asked why we share data with external organisations.

Our online register can be used to search for any of our registrants by a variety of different ways such as by name, GOC number or town. However, because our register is publicly available, we have a legal responsibility to provide this in an accessible format on request.

Due to the administration involved in processing these requests, we have previously charged external organisations to supply the data in this manner. We are reviewing our approach to sharing registrants’ data and in the meantime will not be charging for the supply of data. Our paramount concern is to ensure that we keep registrants’ data secure while meeting our legal responsibilities.

What happens next?

Because the information that we sent to the three organisations, which mistakenly included personal information, has been destroyed, registrants do not need to take further action.

We reported the incident to the Information Commissioner’s Office (ICO), the UK’s independent authority for upholding data rights, and to the Professional Standards Authority (PSA) who oversee us as a regulator.

The ICO has now considered the matter and has informed us that it is satisfied with the action we have taken following the data breach and will not be issuing a financial penalty. We would like to apologise again for the concern caused to registrants and are conducting a thorough review of our procedures to avoid any similar breaches occurring in the future.

If you have any further questions, please contact Philippa Mann on pmann@optical.org or 020 7307 8851.
 

Content Panels

Search our registers

Search our registers

Find a registered individual practitioner or business.

Hearings

Hearings

Information about our upcoming fitness to practise hearings.

Press releases

Press releases

Read the latest news from the GOC

Patient leaflets

Patient leaflets

We provide various leaflets and booklets for optical patients