Bupa Global have a challenge from the inside
Bupa Global Managing Director, Sheldon Kenton, recently had to release a video to explain the organisation had 108,000 international health insurance policies affected.
An employee 'inappropriately copied and removed' customer data from one of their systems. It was a deliberate act, and Bupa have dismissed the employee and are taking 'appropriate legal action'.
This is embarassing for Bupa, and they are introducing additional security measures and are increasing customer identity checks. From 25th May 2018 the ICO would need to be involved, with all the potential for challenge that creates.
This could affect any organisation, and you still need to prove you are in 'no way responsible'. Good training and procedures will enable you to demonstrate your care.
Don't take data protection for granted. Any organisation can have a 'bad apple', but don't leave procedural weaknesses.
You can read the full report, and view the video here.