The ICO has fined a private health firm, HCA International Ltd, for failing to keep data secure after it was found that conversations had by IVF patients were online.

Audio recordings of interviews with patients were being sent to a company unencrypted in India for transcription. The Indian company was unable to maintain secure access due to an unsecure server.

By failing to ensure its subcontractor had acted responsibly, HCA International failed to comply with the seventh data protection principle.

Click here to view the monetary penalty notice.