Hospital faces £375,000 ICO fine after data sold on eBay

By Derek du Preez
16 Jan 2012

The Information Commissioner's Office (ICO) is considering hitting a hospital with its heaviest fine to date following the theft of unencrypted hard drives from the Brighton and Sussex General in September 2010.

According to the Argus newspaper, 232 hard drives were stolen, out of 1,000 that were to be decommissioned.

The hard drives were stolen by a contractor, and some of them subsequently turned up for sale on auction site eBay.

The BBC has reported that the Information Commissioner was considering levying £375,000 on the hospital.

The hospital has said it will challenge the proposed penalty.

This move follows the ICO's commitment earlier this month to focus its data protection work on the health and criminal justice sectors.

The ICO was granted the power to issue fines of up to £500,000 for breaches of the Data Protection Act in April 2010, but the penalties had been relatively minor until recently.

This appears to be changing though; just four weeks ago, it issued a fine to Powys County Council of £130,000 – its biggest fine to date – for failing to protect the personal data of vulnerable young people.
