NHS Trust Fined Record Sum of £325,000 Following Data Breach

Wake Smith Solicitors 18 July 2012

The highest ever fine issued by the Information Commissioner's Officer (ICO) in respect of a Data Protection Act (DPA) breach has been levied - £325,000. The unlucky recipient is Brighton and Sussex University Hospitals NHS Trust.

Highly sensitive personal data belonging to tens of thousands of patients and staff were found on hard drives sold on an internet auction site, accordingly to the ICO press release. The data included sensitive personal information relating to patients medical conditions, treatment, circumstances and childrens' reports. Data also included staff details including National Insurance numbers, home addresses and information relating to criminal convictions and suspected offences

1,000 hard drives were held securely in a room accessed by a key code at Brighton General Hospital. The problem arose from a contract to destroy those hard drives. The Trust has apparently been unable to explain, according to the ICO, how the individual contractor removed 252 of the 1,000 hard drives from site when they were supposed to be destroyed on site. The ICO's deputy commissioner and director of data protection David Smith is quoted as saying "The amount of the (penalty) issued in the case reflects the gravity and scale of the data breach. It sets an example for all organisations - both public and private - of the importance of keeping personal information secure½ Patients of the NHS in particular rely on the service to keep their sensitive personal details secure".

The latest fine follows quickly on a fine of £90,000 served on the Central London Community Health Care NHS Trust for a serious breach of the DPA when sensitive personal data was faxed to an incorrect and unidentified number. The breach was repeated on 45 occasions and compromised 59 data subjects personal data.

Workers in the health care industry are aware of the critical issues concerning sensitive personal data and it is imperative that systems and procedures are in place to militate against inadvertent breaches of the DPA which can have serious consequences.

For Data Controllers in the health care (and other industries) who are considering a notification to the ICO on a security breach there is a standard form for self reporting. Guidance on notification of data security breaches is available on the ICO website. The issue of lost sensitive personal data is particularly critical.

For further information regarding confidentiality breaches or any other commercial litigation matter, please contact Holly Dobson on 0114 266 6660 or email [email protected].

Tags

Archive

December 20245November 20245October 20246September 20245August 20245July 20243June 20243May 20245April 20242March 20247February 20242January 20248December 20236November 20232October 20233September 20232August 20234July 20232June 20235May 20237March 20234February 20235January 20233December 20225November 20224October 20224September 20223June 20221May 20227April 20223March 20223February 20223January 20224December 20214November 20213October 20214September 20216August 20212July 202111June 20218May 20216April 20212March 20218February 20218January 20219December 20208November 202013October 20208September 20208August 20203July 20208June 202016May 202011April 20206March 202016February 20208January 202011December 20199November 20199October 201911September 20195August 20194July 20196May 20198April 20196March 20193February 20195January 20194December 20186November 20185October 20182September 20185August 20184July 20189June 20184May 201810April 20185March 20184February 20184January 20183December 20175November 20178October 20177September 20179August 20175July 20176June 201710May 20175April 20178March 201711February 20176January 201710December 20169November 20167October 201610September 201610August 20166July 20167June 20163May 20162April 20166March 20162February 20164January 20165December 20153November 20155October 20156September 20156August 20157July 20157June 20157May 20156April 20159March 20156February 201510January 20156December 20145November 20144October 20142September 20143May 20144March 20146February 20144January 20142December 20132November 20133September 20134July 20132June 20132May 20133April 20131March 20133February 20133January 20136December 20121November 20123October 20122August 20122July 20128June 20123April 20123March 20121January 20124December 20112November 20111October 20112September 20113August 20113July 20117June 20119May 20117April 20115March 20119February 20118January 20111December 20101October 20102September 20102August 20103July 20106June 20101May 20102April 20106March 20102February 20103January 20102December 20095November 20092October 20092September 20092August 20091July 20095June 20095May 20093April 20093March 20093February 20091January 20092November 20082October 20082September 20081August 20083July 20081January 20082

Featured Articles

Contact us