The ICO exists to empower you through information.

A former 111 call centre advisor has been found guilty and fined for illegally accessing the medical records of a child and his family.

Martin Swan, 56, from Pinner, London, worked as a service advisor at the NHS 111 call centre in Southall when he illegally accessed the records.  

A complaint had been raised against Mr Swan, following a disagreement during a 111 call over the distance to a medical centre, prompting him to access the records of the complainant, the complainant’s child and two other relatives.

Mr Swan accessed the personal records without consent or a legal reason to do so and produced screenshots of the child’s patient notes at an internal investigation meeting in June 2016. He proceeded to contact the father with accusations of falsifying events and was dismissed for gross misconduct in November 2016. He contacted the father once again in January 2017, threatening to report him for neglect.

When Mr Swan failed to attend the initial hearing in April 2018, a warrant was issued for his arrest. He surrendered to the warrant in January 2023 and appeared before Uxbridge Magistrates Court on 15 February 2023.

Following the investigation from the Information Commissioner’s Office, Mr Swan pleaded guilty to five counts of unlawfully obtaining personal data in breach of Section 55 of the Data Protection Act. He was fined £630 with a victim surcharge and court costs totalling £1,093.

“When seeking medical help, people should never have to think twice about how their information is handled and whether their patient records are secure.

“The NHS 111 helpline offers a valuable service and people need to trust that the handlers operating this service are being responsible with the details provided.  

“This case shows that the ICO will take action when personal records are accessed unlawfully. As well as being an invasion of privacy, these actions seriously jeopardised the trust built between the service and its users.”

- Andy Curry, ICO Head of Investigations

Notes to editors
  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  4. To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to  ico.org.uk/concerns.