An NHS trust has said it will appeal if it is instructed to pay a substantial fine that may be levied by the Information Commissioner’s Office (ICO).
In an initial letter of intent, the ICO has suggested a possible fine of £375,000; the highest penalty issued to date. The regulator claims that no final decision has been reached in the matter and that “The ICO is currently making enquiries into a possible breach of the Data Protection Act and is unable to speculate on what action will be taken at this time.”
The trust believes that it should not be held responsible for the breach in the Data Protection Act (DPA) as it was a victim of a crime.
The breach occurred when hard drives containing patient data were handed over to a registered contractor for destruction, only to end up for sale on eBay. According to a report by the BBC, the incident, which the trust considers an act of theft, occurred in September 2010.
Duncan Selbie, chief executive of Brighton and Sussex University Hospitals NHS Trust said in a statement that as soon as the trust was alerted to the sale of the disks, the police was informed and the disks recovered. “We are confident that there is a very low risk of any of the data from them having passed into the public domain. We have subsequently received a Notice from the Information Commissioner’s Office proposing a fine of £375,000 which we are, in the circumstances, challenging,” he added.
Under current legislation, the ICO has the power issue a fine of up to £500,000 to organisations which have committed a serious breach of the Data Protection Act
The highest penalty levied to date was handed to Powys County Council in December last year, after investigations revealed that staff members had been lax in checking documents before sending them to members of the public, resulting in individuals receiving delicate information about unrelated children, along with with documents pertaining to their own.
Last week, the ICO stated in a blog post that it would not be easing up on offenders any time soon and urged companies considering cutting costs and corners in the their data protection policies to think twice, or face the consequences.
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…
Elon Musk firm touts cheaper EV models, as profits slump over 50 percent in the…
Bad news for Tim Cook, as Counterpoint records 19 percent fall in iPhone sales in…
TikTok pledges to challenge 'unconstitutional' US ban in the courts, after President Joe Biden signs…