Sussex trust receive highest penalty for ICO breach.

Sussex trust receive highest penalty for ICO breach.

Following the discovery of highly sensitive personal data on computer hard drives sold on eBay, the ICO have served Brighton and Sussex university hospitals NHS trust with the highest civil monetary penalty (CMP) possible.

The trust has been fined £325,000 because it failed to ensure approximately 1,000 hard drives were destroyed, which contained information belonging to tens of thousands of patients and staff.

The breach of data protection was discovered when a data recovery company bought four of the hard drives from a seller on eBay in December 2010 – who subsequently alerted authorities. The sub contractor who they purchased them from was arrested by police but no charges were brought over the incident, the trust said.

The highly sensitive personal data included details of patients’ medical conditions, such as sexually transmitted diseases and treatment, disability living allowance forms and children’s reports. It also included documents containing staff details like National Insurance numbers, home addresses, ward and hospital IDs, and information referring to criminal convictions and suspected offences.

The ICO said the trust has been unable to explain how the individual removed the hard drives they were supposed to wipe from the hospital during their five days on site, as he was supervised and did not know the code for the door where the drives were stored.

The ICO’s deputy commissioner and director of data protection David Smith said: “The amount issued in this case reflects the gravity and scale of the data breach.

“It sets an example for all organisations – both public and private – of the importance of keeping personal information secure.

“That said, patients of the NHS in particular rely on the service to keep their sensitive personal details secure. In this case, the Trust failed significantly in its duty to its patients, and also to its staff.”

The trust claim that all the disks have been recovered and that no information had got into the public domain, therefore would be appealing against the ICO’s findings; as they cannot afford the fine.

The trust claim that the fine is the equivalent of paying for the delivery of 300 babies, 50 hip operations, 30 heart bypasses and 360 chemotherapy treatments.

At Landlord Referencing we completely understand the importance of the correct handling of sensitive data, which is why we DO NOT pass on or sell ANY sensitive data to third parties. We don’t even pass on any sensitive data to our community of landlord and letting agent members.

How do landlord and letting agents reference their tenants with you then, we hear you cry?

Well, that’s where the Lifestyle Reference comes in.
Making us the safest and most unique way to reference your potential tenants in the UK to date.


Are you a patient or staff member of this trust?

We would love to hear from you!


Free Hit Counter

Islington Council breach tenants data protection rules…

Wonga borrowers sign away their data protection rights…

LRS Press Release Voices Concerns on Data Protection Violation…

Author: Media Team

Keeping you up to date with all the most important changes, all the most interesting gossip and all the big news in the Private Rented Sector.