IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NHS trust and local council hit back at ICO fines

Public sector organisations dispute cases that netted the data protection watchdog £415,000.

A local council and a NHS Trust have come out fighting after being hit with data breach fines totalling 415,000 by the Information Commissioner's Office (ICO).

As reported by IT Pro last week, Brighton and Sussex University Hospitals NHS Trust received a record 325,000 fine after personal details belonging to thousands of staff and patients were found on hard drives sold via an internet auction site.

It is a matter of frank surprise that we still do not know why they have imposed such an extraordinary fine, despite repeated attempts to find out.

In a statement, the ICO said the size of the fine was in direct proportion to the "scale and gravity" of the breach.

The trust has since confirmed to IT Pro that it plans to appeal against the judgement because it cannot afford to pay.

"We arranged for an experienced NHS IT service provider to safely dispose of our redundant hard drives and acted swiftly to recover those that their sub-contractor placed on eBay. No sensitive data has entered the public domain," said Duncan Selbie, chief executive of Brighton and Sussex University Hospitals Trust, in a statement.

"We reported all of this voluntarily to the ICO who told me last summer that this was not a case worthy of a fine, [so] it is a matter of frank surprise that we still do not know why they have imposed such an extraordinary fine, despite repeated attempts to find out."

Earlier today, the ICO announced that Telford and Wrekin Council had been fined 90,000 after confidential details about four vulnerable children were disclosed during two similar data breaches.

The first took place in March 2011, when a member of the council's staff accidentally sent findings from a social care assessment to a child's sibling instead of their mother.

It also included details of another child who had made a serious, unspecified allegation against another youngster.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

MoJ faces £17.5m GDPR fine over subject access request backlog
data protection

MoJ faces £17.5m GDPR fine over subject access request backlog

20 Jan 2022
Cabinet Office fined £500,000 for New Year Honours data leak
data breaches

Cabinet Office fined £500,000 for New Year Honours data leak

3 Dec 2021
ICO publishes new data protection standards for the adtech industry
data protection

ICO publishes new data protection standards for the adtech industry

25 Nov 2021
Secretary of State retires NHS Digital and NHSX
public sector

Secretary of State retires NHS Digital and NHSX

23 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022