NHS trust and local council hit back at ICO fines

Money

A local council and a NHS Trust have come out fighting after being hit with data breach fines totalling 415,000 by the Information Commissioner's Office (ICO).

As reported by IT Pro last week, Brighton and Sussex University Hospitals NHS Trust received a record 325,000 fine after personal details belonging to thousands of staff and patients were found on hard drives sold via an internet auction site.

It is a matter of frank surprise that we still do not know why they have imposed such an extraordinary fine, despite repeated attempts to find out.

In a statement, the ICO said the size of the fine was in direct proportion to the "scale and gravity" of the breach.

The trust has since confirmed to IT Pro that it plans to appeal against the judgement because it cannot afford to pay.

"We arranged for an experienced NHS IT service provider to safely dispose of our redundant hard drives and acted swiftly to recover those that their sub-contractor placed on eBay. No sensitive data has entered the public domain," said Duncan Selbie, chief executive of Brighton and Sussex University Hospitals Trust, in a statement.

"We reported all of this voluntarily to the ICO who told me last summer that this was not a case worthy of a fine, [so] it is a matter of frank surprise that we still do not know why they have imposed such an extraordinary fine, despite repeated attempts to find out."

Earlier today, the ICO announced that Telford and Wrekin Council had been fined 90,000 after confidential details about four vulnerable children were disclosed during two similar data breaches.

The first took place in March 2011, when a member of the council's staff accidentally sent findings from a social care assessment to a child's sibling instead of their mother.

It also included details of another child who had made a serious, unspecified allegation against another youngster.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.