UK: Patient details on stolen hard drives, ICO set to impose huge fine
A story in The Argus suggests that the Information Commissioner’s Office is set to slam an NHS trust with a huge fine over a data breach:
Confidential information belonging to tens of thousands of patients and staff were at risk of being exposed after computer hard drives were stolen and put up for sale on eBay.
The hard drives were taken from computers in a locked store at Brighton General Hospital where they were being decommissioned.
Brighton and Sussex University Hospitals NHS Trust now faces a £375,000 fine from the Information Commissioner’s Office (ICO) for a breach of the data protection act.
The trust says it will be contesting the fine.
Read more on The Argus.
If the ICO does issue the fine, it would not only be the first time any NHS unit has been fined, but it would also become the largest fine ever levied over a data breach. Until now, the largest fine was £130,000 and was issued to Powys County Council when details of a child protection case were sent to the wrong recipient.