Brighton hospital trust slammed by ICO


Simon Quicke

In the past it was HMRC or the MoD that regularly lost data on discs or stolen laptops, but the NHS is rapidly becoming the leakiest source of information.

This follows the fine of £325,000 that the Information Commissioner's Office (ICO) has handed to the NHS Trust in Brighton for a breach that could affect thousands of patients and staff.

Brighton and Sussex University Hospitals NHS Trust ended up in trouble after hard drives containing sensitive information were sold on an auction site back in October and November 2010.

The ICO's deputy commissioner and director of data protection David Smith said that the large fine was in proportion to the sensitivity of the data that was allowed into the wild, including disability living allowance forms, national insurance numbers as well as addresses and hospital IDs.

"It sets an example for all organisations - both public and private - of the importance of keeping personal information secure. That said, patients of the NHS in particular rely on the service to keep their sensitive personal details secure. In this case, the Trust failed significantly in its duty to its patients, and also to its staff," he said.

But the size of the fine was seen by some in the industry as a potential problem because it could make it more difficult for further breaches to come to light.

"Whilst this is a very serious data breach and the monetary penalty is designed to act as a warning to others, it may deter some organisations from voluntarily reporting data breaches in the future. Ensuring third party suppliers sign up to and follow NHS security policies and procedures will become increasingly important as the NHS continues to outsource activities," said Grant Taylor, vice president of Cryptzone UK.
