A former London Clinic worker has been cautioned by the Information Commissioner’s Office (ICO) for allegedly attempting to access the Princess of Wales’s private medical records and offering to disclose them for financial gain.
ICO Investigation
The ICO initiated a criminal investigation in March 2024 into the unlawful obtaining and disclosure of medical information to a third party without the consent of the data controller, following a breach reported by the London Clinic. Reports at the time indicated that a staff member had tried to access Kate’s notes while she was a patient at the private hospital in central London in January 2024. The princess was admitted for abdominal surgery on January 16 that year.
On Wednesday, the ICO stated: “Following a full assessment under the Code for Crown Prosecutors and the ICO’s Prosecution Policy, the ICO issued a now former healthcare professional from London with a formal caution in relation to an offence under section 170(5) of the Data Protection Act 2018. The conduct involved the deliberate misuse of highly sensitive personal information and an offer to disclose it for financial gain, representing a clear breach of trust.”
Appropriate Enforcement
The ICO described the caution as “the appropriate and proportionate enforcement response.” It added: “We also considered whether there were any wider organisational issues arising from the healthcare provision in this matter. Based on the evidence available, we did not identify any failings that would meet the threshold for regulatory enforcement.”
Ian Hulme, executive director for regulatory supervision, commented: “People should be able to trust that the personal information they’re giving to healthcare settings is safe and protected from exploitation. When this trust is broken, it’s right that the law allows us to take action. We will not hesitate to pursue criminal prosecution where it is necessary and proportionate to do so.”
Hospital Statement
A London Clinic spokesperson said: “We all take considerable pride in delivering the very highest standards of care and discretion for every patient at The London Clinic. We are pleased our work with the ICO has brought this sad and isolated incident to a conclusion. There were no regulatory breaches by the hospital.”
