LONDON — A former healthcare worker at a private hospital in London was formally cautioned by the UK's Information Commissioner's Office (ICO) for the deliberate misuse of the Princess of Wales's private medical records. The individual offered to disclose the records for financial gain.

The ICO launched a criminal investigation into the unlawful obtaining and disclosure of medical information after the London Clinic reported a breach in March 2024. In a statement, the ICO said: "Following a full assessment under the code for crown prosecutors and the ICO's prosecution policy, the ICO issued a now former healthcare professional from London with a formal caution in relation to an offence under section 170(5) of the Data Protection Act 2018."

The watchdog further stated: "The conduct involved the deliberate misuse of highly sensitive personal information and an offer to disclose it for financial gain, representing a clear breach of trust." The ICO noted it did not identify any wider organisational failings at the London Clinic that would meet the threshold for regulatory enforcement. A spokesperson for the clinic confirmed there were no regulatory breaches by the hospital.

The Princess of Wales spent almost two weeks at the London Clinic after undergoing planned abdominal surgery in January 2024. In February 2024, she revealed that cancer was discovered in postoperative tests. The clinic has treated the Princess of Wales and King Charles in recent years.

Ian Hulme, executive director for regulatory supervision at the ICO, addressed the breach. "People should be able to trust that the personal information they're giving to healthcare settings is safe and protected from exploitation," Hulme said. He added: "When this trust is broken, it's right that the law allows us to take action." Hulme also stated: "We will not hesitate to pursue criminal prosecution where it is necessary and proportionate to do so."