THE clinic where Kate Middleton had surgery could face a £17.5million fine over an alleged data breach, a medical privacy expert has said.
The Princess of Wales was admitted to The London Clinic for abdominal surgery on January 16.
But an investigation was launched after at least one member of staff allegedly tried to access her notes while she was a patient there, according to .
Under the Data Protection Act 2018, it is an offence for a person to obtain, disclose or retain personal data without the consent of the data controller.
Iain Wilson, from , told The Sun that The London Clinic could be sued by Kate over the alleged breach.
He said: "They've obviously got obligations to keep medical records secure through the Data Protection Act.
"If it is found they didn't have sufficient systems in place, for instance, they hadn't trained staff properly, then they could be fined by the information commission officer.
"A very large sum, I think up to £17.5million or 4 per cent of an organisation's annual worldwide turnover and potentially sued by the individuals in question."
But Iain also argued the hospital may have had "all the training and systems in place" and wouldn't be able to stop one "rotten egg".
He continued: "You cannot guard against having a rotten egg. It is damaging to the clinic from a reputational point of view, albeit, we don't know what happened yet.
"We only know there was an attempt to access records. We don't know if it was successful.
"From a legal regulatory point of view, if they've done everything they can, all the training and systems in place and someone was just a bad egg and there was no way they could have spotted that, then from a legal perspective, they're, they're unlikely to be culpable."
The Information Commissioner's Office (ICO) can carry out criminal investigations and prosecute individuals where it believes an offence may have been committed.
Usually, an assessment of the breach report will be carried out by its Criminal Investigation Team, who will decide whether to proceed in accordance with the Regulatory Action Policy.
This decision includes looking at whether there is sufficient evidence to support a prosecution and whether it is in the public interest to do so.
Kate also has the option of bringing a private prosecution with a civil action, and also potentially claiming compensation.
Details of Kate's condition have not been disclosed but Kensington Palace previously said it was not cancer-related and that Kate wished for her personal medical information to remain private.
The London Clinic's chief executive, Al Russell, said "all appropriate investigatory, regulatory and disciplinary steps will be taken" when looking at alleged data breaches.
In a statement, he said: "Everyone at the London Clinic is acutely aware of our individual, professional, ethical and legal duties with regards to patient confidentiality.
"We take enormous pride in the outstanding care and discretion we aim to deliver for all our patients that put their trust in us every day.
"We have systems in place to monitor management of patient information and, in the case of any breach, all appropriate investigatory, regulatory and disciplinary steps will be taken.
"There is no place at our hospital for those who intentionally breach the trust of any of our patients or colleagues."
It comes after health minister Maria Caulfield said police have "been asked to look at" the allegations.
Speaking on LBC radio, she said: "I say this as someone who's still on the nursing register, that the rules are very, very clear for all patients.
"That unless you're looking after that patient, or unless they've given you their consent, you should not be looking at patients' notes.
"So there are rules in place and the Information Commissioner can levy fines, that can be prosecutions, your regulator - so as a nurse my regulator would be the NMC (Nursing and Midwifery Council) - can take enforcement action."
Meanwhile the UK privacy and data protection watchdog said it had received a breach report.
An ICO spokesperson said on Tuesday: "We can confirm that we have received a breach report and are assessing the information provided."
Kensington Palace said: "This is a matter for The London Clinic."
Kate's absence from public life, after her surgery, has led to wild conspiracy theories on social media about her whereabouts and health.
The Sun released footage of Kate out shopping with the Prince of Wales at the weekend at the Windsor Farm Shop close to their Adelaide Cottage home in the grounds of Windsor Castle.
The royal couple also spent Sunday morning watching Prince George, Princess Charlotte and Prince Louis taking part in a sporting event.
The online speculation increased after irregularities were spotted in a Mother's Day photograph of Kate and her children, which led to the princess admitting to "editing" the image and apologising for any "confusion" caused.
It was reported at the weekend that the princess may speak about her health during public engagements which are not expected to resume until after Easter.
'Lay off Kate'
THE Sun last week led the way in defending Princess Kate when she was being criticised from all angles over the edited photo saga.
Social media trolls were quick to attack the future Queen over her editing of a Mother's Day family picture.
Media critics also weighed in with their opinions alongside the idiotic conspiracy theorists, but The Sun stood alone in saying: Lay off Kate.
Our front page blasted: "The furious attacks on the future Queen over her photoshopping of a Mother's Day family picture are not just absurd.
"They now look like a bullying campaign against a devoted mum, recovering from a serious operation, who simply wanted to offer the public a perfect portrait of her and her kids.
"She meant well, made a mistake and fessed up. Fair enough.
"Now leave her alone to get over her op."