Government proposes compulsory DP audits for NHS

Following several high profile data security breaches within the National Health Service (NHS), and numerous complaints to the Information Commissioner (ICO), the government proposes that NHS organisations should be made subject to compulsory data protection audits.

The government is currently consulting the NHS on its proposal for the ICO to carry out compulsory assessments of NHS bodies’ compliance with the Data Protection Act 1998 and its data protection principles.

The Ministry of Justice is seeking views on the following question:
Do you agree that the Information Commissioner should be given powers under the Data Protection Act 1998 to carry out non-consensual assessments of NHS bodies' personal data for compliance with the Act?

The Consultation, available at, closes on 17 May.