NHS trust and local council hit back at ICO fines
Public sector organisations dispute cases that netted the data protection watchdog £415,000.

A local council and a NHS Trust have come out fighting after being hit with data breach fines totalling 415,000 by the Information Commissioner's Office (ICO).
As reported by IT Pro last week, Brighton and Sussex University Hospitals NHS Trust received a record 325,000 fine after personal details belonging to thousands of staff and patients were found on hard drives sold via an internet auction site.
It is a matter of frank surprise that we still do not know why they have imposed such an extraordinary fine, despite repeated attempts to find out.
In a statement, the ICO said the size of the fine was in direct proportion to the "scale and gravity" of the breach.
The trust has since confirmed to IT Pro that it plans to appeal against the judgement because it cannot afford to pay.
"We arranged for an experienced NHS IT service provider to safely dispose of our redundant hard drives and acted swiftly to recover those that their sub-contractor placed on eBay. No sensitive data has entered the public domain," said Duncan Selbie, chief executive of Brighton and Sussex University Hospitals Trust, in a statement.
"We reported all of this voluntarily to the ICO who told me last summer that this was not a case worthy of a fine, [so] it is a matter of frank surprise that we still do not know why they have imposed such an extraordinary fine, despite repeated attempts to find out."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Earlier today, the ICO announced that Telford and Wrekin Council had been fined 90,000 after confidential details about four vulnerable children were disclosed during two similar data breaches.
The first took place in March 2011, when a member of the council's staff accidentally sent findings from a social care assessment to a child's sibling instead of their mother.
It also included details of another child who had made a serious, unspecified allegation against another youngster.
-
HPE boosts Aruba, GreenLake security
News Tech giant hopes to help enterprises battle against rise of "sophisticated" cloud threats
By Nicole Kobie
-
Lenovo promotes Per Overgaard to general manager for ISG EMEA
News Overgaard will spearhead Lenovo's Infrastructure Solutions Group as organizations continue to invest in AI and advanced infrastructure
By Daniel Todd
-
NHS supplier hit with £3m fine for security failings that led to attack
News Advanced Computer Software Group lacked MFA, comprehensive vulnerability scanning and proper patch management
By Emma Woollacott
-
Cyber attack delayed cancer treatment at NHS hospital
News A cyber attack at Wirral University Teaching Hospital in 2024 delayed critical cancer treatment for patients, documents show.
By Nicole Kobie
-
Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway service
News Europe’s busiest children’s hospital confirmed attackers were able to steal data from a compromised digital gateway service
By Solomon Klappholz
-
Major incident declared as Merseyside hospitals hit by cyber attack
News The incident, which has led to cancelled appointments, is just the latest in a series of attacks on healthcare organizations
By Emma Woollacott
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuse
News The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
By Emma Woollacott
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims
News Companies need to treat victims with swift, practical action, according to the ICO
By Emma Woollacott
-
LinkedIn backtracks on AI training rules after user backlash
News UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
By Emma Woollacott
-
UK's data protection watchdog deepens cooperation with National Crime Agency
News The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
By Emma Woollacott