The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The ICO has launched a new set of resources aimed at improving records management in the health sector.

The work was prompted by ICO audits in a broad range of health organisations, which found that:



33% of ICO audits of health organisations found no Information Asset Register or nominated information asset owners.




22% of ICO audits of health organisations found issues with logging, tracking, movement or security of paper records.



200+ self-reported breaches of data being posted or faxed to the incorrect recipient in last financial year in health sector.



200+ self-reported breaches of paperwork lost or stolen in last financial year in health sector.


The resources include training videos, posters and case studies.

ICO Good Practice Group Manager Leanne Doherty said:

“The health sector handles some of the most sensitive personal data, and patients have the right to expect that information will be looked after, whether that’s at large NHS hospitals or small private dentists. Unfortunately our audits showed a worrying trend of health organisations failing to properly manage the records they held.

“The people we speak to want to get this right. We’ve seen first-hand the professionalism and commitment of people working in information governance in this sector, and we know some of the challenges they face. We’ve looked to create resources that offer them practical support and give them the tools to improve people’s approach to records management in their organisations.”

The resources can be found at

The ICO plans to offer similar sets of resources around other aspects of data protection in the health sector over the coming year.