A former healthcare worker at the london/">London Clinic has been formally cautioned by the Information Commissioner’s Office (ICO) after attempting to sell the Princess of Wales’s private medical records. The breach, uncovered after the Princess’s surgery in January 2024, involved the deliberate misuse of sensitive personal data for financial gain.
Data Breach At London Clinic
The ex-employee targeted the confidential records following the Princess’s planned abdominal surgery—during which she was diagnosed with cancer. This information had been kept private for months until the Princess publicly announced her diagnosis in March 2024.
Ico Issues Formal Caution
The ICO conducted a thorough review under the Code for Crown Prosecutors and issued a caution under section 170(5) of the Data Protection Act 2018. The regulator condemned the ‘‘deliberate misuse of highly sensitive personal information’’ as a clear breach of trust.
Patient Confidentiality Violated
The incident raised serious concerns over data security at one of the UK’s leading private hospitals. The attempted sale of the records was reported as soon as it was discovered, prompting the ICO’s investigation.
Investigation Now Closed
Wednesday’s confirmation from the ICO marks the conclusion of the regulatory inquiry into the illegal attempt to profit from the Princess’s medical history.
