We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

NHS trust challenges £375,000 fine over data protection breach

Hard drives with patient data stolen while under contractor's care

Brighton and Sussex University Hospitals NHS Trust is contesting a £375,000 fine from the Information Commissioner's Office (ICO) over the theft of hard drives containing patient data.

Some 232 out of 1,000 hard drives belonging to the trust were stolen while they were under the responsibility of a contractor for decommissioning, and sold on. Details of thousands of patients and staff were believed to have been put at risk.

The ICO has sent the trust a letter of intent to impose a £375,000 fine for the potential data breach.

However, the trust said it will challenge the fine as it was a "victim of a crime".

"We subcontracted the destruction of these hard drives to a registered contractor, who subsequently sold them on eBay.

"As soon as we were alerted to this, we informed the police and with their help we recovered all the hard drives stolen by this individual. We are confident that there is a very low risk of any of the data from them having passed into the public domain," said Duncan Selbie, Brighton and Sussex University Hospitals chief executive.

Sussex Health Informatics Service, the contracting company, was responsible for disposing of the hard drives for the trust, and had appointed an individual to do the job.

According to The Argus, a 36-year-old man from Seaford was arrested on suspicion of theft and bailed a number of times, but the police has decided not to take the case on further.

In December 2010, a data recovery organisation bought four of the trust's hard drives on eBay.

It contacted the trust, which collected the hard drives and destroyed the information.

Brighton and Sussex University Hospitals has until 23 January to respond to the ICO's letter of intent, which the regulator will consider before making a final decision on whether it will issue a final penalty notice.

"The ICO is currently making enquiries into a possible breach of the Data Protection Act and is unable to speculate on what action will be taken at this time," an ICO spokesperson said.

IDG UK Sites

Windows 10 release date, price, features UK: Staggered release with PCs coming first this summer -...

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

MacBook Pro 15in preview: better battery life, faster storage and a new discrete graphics chip may...