Torbay Care Trust has been fined £175,000 after it published the personal details of over 1,000 of its NHS staff online. Sensitive details of the staff members was posted on the internet, in a troubling data security breach that included information regarding a person’s name, age, pay, national insurance number as well as religious beliefs and sexual orientation.
An investigation into the data security breach, conducted by the Information Commissioner’s Office (ICO) found that the breach was ‘serious’ and ‘extremely troubling’, especially as the spread sheet that was published on their website, was only removed 19 weeks after publication when a member of the public discovered it.
In the 19 weeks that the spread sheet was available to the public it is believed that it was viewed around 300 times. The fine of £175,000 relates to the Trust having no significant guidance in place for staff regarding the publication of information online. It is also thought that the trust had no checks in place to identify a potential data security breach of this magnitude.
Data Security Breach Avoidable and Troubling
ICO head of enforcement, Stephen Eckersley found the whole data security breach troubling and a situation that was entirely avoidable:
“Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud.
“While organisation can publish equality and diversity information about staff in an aggregated form, there is no justification for unnecessarily releasing their personal information. We are pleased that the trust is now taking action to keep its employees’ details secure.”
The £175,000 data security breach fine has been set at an appropriate level considering the seriousness of the situation. The data was at risk of being accessed by third parties for 19 weeks, enough time to cause considerable distress, suffer identity fraud and the financial implications this can entail. The new web management policy installed by the Torbay Care Trust is thought to be sufficient.
Chief Executive of the Trust, Anthony Farnsworth apologised:
“This was an organisational issue, in which the absence of sufficient checks within our processes made an error possible.
“Provision was made to potentially pay such a fine, so there is no effect on budgets for staff, or health and social care services.”
Data Security Breach Troubling at a Time of Austerity
Publishing the personal and financial details of around 1,000 NHS employees is a serious data security breach and a situation that was entirely preventable should Torbay NHS Trust put in place a simple set of procedures, guidance and checks.
At a time where budgets are being cut across the board, a fine of this size will worry a portion of the public and the management within the NHS Trust as although this had been set aside in order to cover a potential fine without affecting budgets, in the long term the country is still in a perilous economic position. With budgets tight in a normal circumstance, lapses in data security and resultant fines could put pressure on other departments and lead to a greater possibility of medical mistakes.
- Duncan Gibbins Solicitors are personal injury solicitors who deal with a broad range of compensation claims, from medical negligence claims, employer liability, road traffic accidents and industrial disease claims. To find out more or to arrange a free consultation with a personal injury specialist contact us today on .
No related posts to display.