The Information Commissioner’s office has issued a warning to the health service maintaining that it must do more in order to protect patients’ personal information. The warning comes as a further five health organisations were found to be in breach of the Data Protection Act 1998. This warning will apply equally to colleges and universities that process and share health data for research and medical training. Having appropriate data security measures in place will help to minimise the risk of breaching the act. Such measures also have the potential to mitigate circumstances should a breach arise. For more information on this, please access the news release available from the ICO website. JISC Legal provides guidance on data protection.