Medical data 'shared without clear permission'

An old lady in a cardigan uses a laptop, with a notepad, calculator and tea mug next to it.Image source, PA Media
Image caption,

The medical data incident was one of more than 100 self-reported data breaches in the first half of the year

  • Published

A Guernsey person's medical data was shared with a family member despite it being "unclear" if permission had been given by the patient, the island's data protection authority has said.

The Office of the Data Protection Authority (ODPA) said it was one of more than 100 self-reported data breaches in the first half of 2025.

The incident highlighted "the importance of proper authorisation when sharing information about a third party, even if a verified family member", the authority said.

The most common type of self-reported breach was personal data being sent to the wrong email recipient, the ODPA said.

The most common potentially harmful impacts in the first three months of the year were loss of confidentiality, followed by loss of personal data control, the ODPA said.

It added eight of the cases reported, external between April and June were classed as high-risk, down from 14 in the previous quarter.

However, more than half of high-risk cases reported in the first three months of the year failed to inform people who were affected, the ODPA said.

Follow BBC Guernsey on X, external and Facebook, external and Instagram, external. Send your story ideas to channel.islands@bbc.co.uk, external.