The Information Commissioner's Office (ICO) in Britain has announced a fine of £325,000 for an NHS Trust after computer hard drives containing medical and personal information of hundreds of patients were sold online.
More than 250 hard drives were reported to have been stolen from Brighton General Hospital in September 2010, when the hospital had handed over 1,000 hard drives to an individual sub-contractor for their destruction. Four of the hard drives were bought by a data recovery company from a seller on eBay, and they were reported to contain details such as patients' medical conditions and treatment, disability living allowance forms and children's reports.
While the ICO's deputy commissioner David Smith revealed that the fine reflected the gravity of the breach, the trust's chief executive, Duncan Selbie, said that the hard drives did not contain any sensitive details and that the trust planned to appeal the decision.
"We dispute the Information Commissioner's findings, especially that we were reckless, and a requirement for any fine. We arranged for an experienced NHS IT service provider to safely dispose of our redundant hard drives and acted swiftly to recover, without exception, those that their sub-contractor placed on eBay", he said.