The NHS Trust in Brighton has been handed a fine of £325,000 by the Information Commissioner's Office (ICO) for a breach that could affect thousands of patients and staff.
Brighton and Sussex University Hospitals NHS Trust ended up in trouble after hard drives containing sensitive information were sold on an auction site back in October and November 2010.
The ICO's deputy commissioner and director of data protection, David Smith, said that the large fine was in proportion to the sensitivity of the data that was allowed into the wild, including disability living allowance forms and national insurance numbers, as well as addresses and hospital IDs.
"It sets an example for all organisations - both public and private - of the importance of keeping personal information secure. That said, patients of the NHS in particular rely on the service to keep their sensitive personal details secure. In this case, the Trust failed significantly in its duty to its patients, and also to its staff," he said.
But the size of the fine was seen by some in the industry as a potential problem because it could make it more difficult for further breaches to come to light.
"Whilst this is a very serious data breach and the monetary penalty is designed to act as a warning to others, it may deter some organisations from voluntarily reporting data breaches in the future. Ensuring third party suppliers sign up to and follow NHS security policies and procedures will become increasingly important as the NHS continues to outsource activities," said Grant Taylor, vice president of Cryptzone UK.