Record Data Protection Fine Issued

Brighton and Sussex University Hospitals NHS Trust has been handed the largest fine so far under the Data Protection Act 1998. The £325,000 fine was issued following the theft of computer hard drives containing confidential information on thousands of patients and staff in September 2010. It is understood that the Trust is going to appeal the fine, which it says it cannot afford, and denies that it was reckless in its actions.

The lost information, which was later discovered on hard drives sold on eBay, included details of patients` medical conditions and treatment, benefits forms and reports, as well as employees` National Insurance numbers, home addresses, ward and hospital IDs, and information referring to criminal convictions and suspected offences.

The ICO`s deputy commissioner David Smith said the fine reflected the gravity and scale of the data breach:

"It sets an example for all organisations - both public and private - of the importance of keeping personal information secure."

Commenting on the ICO`s announcement, Tom Morrison, a Partner in the Commercial & IP Team at Rollits LLP, said:

"It would be wrong to say that this is the largest fine ever issued for a data loss - there have been much larger fines issued to the banking sector under their own rules - but this is the largest by far under the Data Protection Act pursuant to the ICO`s new power where a fine can be issued without taking the alleged wrongdoer to court. 

"It is clear from quotes which have been published that the Trust disagrees with the assessment made by the ICO and that it views the fine as unduly harsh - it is two and a half times the next largest issued to date. By contrast the ICO is sending out a strong message about where it sets the bar and where data breaches such as this sit on its scale of seriousness. The ICO took some time to finalise the level of the fine, so it will be interesting to see the outcome of the appeal. In the meantime the message from the ICO has come across loud and clear."

Posted on: 01/06/2012

This article is for general guidance only. It provides useful information in a concise form. Action should not be taken without obtaining specific legal advice.

Back to press releases
Back to press releases

Sign up to email news

Sign up to receive email updates and regular legal news from Rollits LLP.

Sign up