Site navigation

Health Department to be Probed by ICO Over Personal Emails

Michael Behr


Health Department Emails
While the use of private correspondence is not illegal, it can put sensitive data at risk.

The UK’s data protection watchdog has opened an investigation into the use of personal emails by the Health Department.

The Information Commissioner’s Office (ICO) investigation aims to establish if the department used private correspondence channels to conduct government business, and whether this led to breaches of freedom of information or data protection law.

According to the ICO, the use of private emails undermined transparency in government decisions, a key factor of a functioning democracy.

“That is why the suggestion of ministers and senior officials using private correspondence channels, such as private email accounts, to conduct sensitive official business is a concerning one. It concerns the public to feel there may be a loss of transparency about decisions affecting them and their loved ones. And as the regulator of data protection and freedom of information laws, it concerns me,” said UK Information Commissioner Elizabeth Denham in a statement.

However, she added that the use of private correspondence channels does not contravene freedom of information or data protection rules by itself. The investigation will need to find proof that the use of personal channels resulted in these regulations been broken.

Should the ICO determine that the department was in violation of the law, it will determine whether to provide good practice recommendations, or potentially open criminal prosecution against individuals in the event information has been deliberately destroyed, altered, or concealed after it has been requested under the Freedom of Information Act.

The Department of Health has said it will cooperate with the investigation.

The original concerns were raised by the Labour Party following the resignation of Health Secretary Matt Hancock. The opposition party were concerned that government contracts for PPE during the coronavirus pandemic had not been awarded fairly or transparently.


While ensuring data is kept safe is a priority for most organisations, governments have to be especially vigilant. Last month, documents from the Ministry of Defence detailing the movement of British ships near Russia were discovered at a bus stop.

And new data recently revealed that UK Parliamentary staff misplaced almost 100 devices in two years, including laptops, tablets, and phones.

As such, the more data is spread out and the more devices it is contained on, especially on personal devices that are not stored in a secure location, the more opportunities exist for sensitive data to leak.

“My worry is that information in private email accounts or messaging services is forgotten, overlooked, autodeleted or otherwise not available when a freedom of information request is later made,” Denham noted.

“This frustrates the freedom of information process, and puts at risk the preservation of official records of decision making. I also worry that emails containing personal detail are not properly secured in people’s personal email accounts.”

Michael Behr

Senior Staff Writer

Latest News

%d bloggers like this: