recent work

Health Trust fined £175,000 by Information Commissioner's Office (ICO)

1,000 employee’s details were ‘accidentally published’ on Torbay Care Trust’s website, resulting in a £175,000 fine, the ICO has announced today.

The information was published on a spreadsheet on the website in 2009 and not spotted for 19 weeks. The data included individual’s names, dates of birth, National Insurance numbers, religion and sexual orientation.

The ICO’s investigation found that the Trust had no guidance for staff on what information shouldn’t be published online and had inadequate checks in place to identify potential problems.

Stephen Eckersley, Head of Enforcement, said:

“We regular speak with organisations across the health service to remind them of the need to look after people’s data. The fact that this breach was caused by Torbay Care Trust publishing sensitive information about their staff is extremely troubling and was entirely avoidable. Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud.

“While organisations can publish equality and diversity information about staff in an aggregated form, there is no justification for unnecessarily releasing their personal information. We are pleased that the Trust are now taking action to keep their employees’ details secure.”

The Trust has now introduced a new web management policy to make sure personal data is not mistakenly published on their website in the future.