NHS trust challenges £375,000 fine over data protection breach

NHS trust challenges £375,000 fine over data protection breach

Hard drives with patient data stolen while under contractor's care

Article comments

Brighton and Sussex University Hospitals NHS Trust is contesting a £375,000 fine from the Information Commissioner's Office (ICO) over the theft of hard drives containing patient data.

Some 232 out of 1,000 hard drives belonging to the trust were stolen while they were under the responsibility of a contractor for decommissioning, and sold on. Details of thousands of patients and staff were believed to have been put at risk.

The ICO has sent the trust a letter of intent to impose a £375,000 fine for the potential data breach.

However, the trust said it will challenge the fine as it was a "victim of a crime".

"We subcontracted the destruction of these hard drives to a registered contractor, who subsequently sold them on eBay.

"As soon as we were alerted to this, we informed the police and with their help we recovered all the hard drives stolen by this individual. We are confident that there is a very low risk of any of the data from them having passed into the public domain," said Duncan Selbie, Brighton and Sussex University Hospitals chief executive.

Sussex Health Informatics Service, the contracting company, was responsible for disposing of the hard drives for the trust, and had appointed an individual to do the job.

According to The Argus, a 36-year-old man from Seaford was arrested on suspicion of theft and bailed a number of times, but the police has decided not to take the case on further.

In December 2010, a data recovery organisation bought four of the trust's hard drives on eBay.

It contacted the trust, which collected the hard drives and destroyed the information.

Brighton and Sussex University Hospitals has until 23 January to respond to the ICO's letter of intent, which the regulator will consider before making a final decision on whether it will issue a final penalty notice.

"The ICO is currently making enquiries into a possible breach of the Data Protection Act and is unable to speculate on what action will be taken at this time," an ICO spokesperson said.


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *