NHS Trust hit with £175,000 data breach fine

Internet search

A Torquay-based NHS health Trust has been fined 175,000 by the Information Commissioner's Office (ICO) after sensitive details of more than 1,000 staff were posted on its website.

Information about employees working at Torbay Care Trust was posted online in a spreadsheet in April 2011.

The leaked information included National Insurance numbers, dates of birth, as well as the equality and diversity responses of 1,373 of the Trust's employees.

There will be no effect on budgets for staff, or health and social care services.

The document remained online for 19 weeks until it was discovered by a member of the public,

In a statement to IT Pro, Torbay Care Trust blamed the breach on an "organisational issue", insisting there was no evidence the data was accessed by anyone other than the person who reported it.

The NHS Trust said it was disappointed by the ICO's decision to issue a fine, but confirmed it plans to pay up.

Andrew Farnsworth, chief executive of Torbay Care Trust, told IT Pro in a statement: "We accept the findings and will be taking advantage of the early payments discount to minimise the financial impact of the fine.

"Provision was made to potentially pay such a fine, so there is no effect on budgets for staff, or health and social care services," he said.

The trust has also introduced measures to prevent similar breaches happening in future, added Farnsworth.

"It is important to clarify this information did not contain any clinical or patient data. Neither have we received any evidence to suggest the information has been used inappropriately," he added.

In a further statement, Stephen Eckersley, head of enforcement at the ICO, said the data could have been used by identity fraudsters.

"The fact this breach was caused by Torbay Care Trust publishing sensitive information about their staff is extremely troubling and was entirely avoidable," he said.

"While organisations can publish equality and diversity information about staff in an aggregated form, there is no justification for unnecessarily releasing their personal information."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.