Follow sourcingfocus on Twitter

Privacy failings hits NHS Trusts in the pocket



Last June Brighton and Sussex University Hospitals NHS Trust received a fine of £325,000, after patent medical records appeared on hard drives up for auction on the Internet. This week saw a fine of £175,000 after confidential employee details were displayed on Torbay Care Trust’s (TCT) website. It appears that the NHS is in dire need of a revised data protection policy.

The publishing of details including NI numbers, DOB, names, sexuality and religion of 1,373 staff members was directly uploaded by the Trust itself. The sensitive information compiled as an Excel spreadsheet remained on the Trust’s website for a total of 19 weeks. The data was only removed when a member of the public raised the issue, by this point the data had been seen more than 300 times.

The head of enforcement, Stephen Eckersley, at Information Commissioner’s Office (ICO), who issued the penalty fine, said “Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud”.

The Trust recognised that it had failed to establish effective data privacy within its systems, TCT chief executive, Anthony Farnsworth, said: “This was an organisational issue, in which the absence of sufficient checks within our processes made an error possible”. The data breach of last June also occurred due to incorrect operational procedures as the Trust, which saw more than 252 hard drives removed from premises instead of being correctly destroyed.

Like any public sector organisation who handles sensitive data, the NHS need to rapidly establish effective data protection, partially at a time when the service is looking at migration of services and data to cloud based platforms. In both of these cases during this year, failing occurred due to a lack of due diligence.

  • Favicon
  • Digg Favicon
  • Facebook Favicon
  • NewsVine Favicon
  • Reddit Favicon
  • StumbleUpon Favicon
  • Technorati Favicon
  • TwitThis Favicon