After hard drives containing sensitive patient data were sold-off on eBay, the NHS has a rather massive fine coming its way from the Information Commissioner's Office. Thing is, it wasn’t exactly the NHS’s fault.
Some thieving bastard pinched the drives to get a double payday, having been paid to destroy them in the first place:
"We were the victims of a crime. We subcontracted the destruction of these hard drives to a registered contractor who subsequently sold them on eBay," said Duncan Selbie, the chief executive of Brighton and Sussex University Hospitals NHS Trust.
You could almost call it recycling, if it weren’t for the personal medical data of course. The NHS also managed to recover all the hard drives with the patient data on, after the police got involved.
The £375,000 fine is the largest ever issued by the ICO, which under the Data Protect Act, can levy fines of up to £500,000 for serious cases. It’s a bit harsh to fine the NHS, who was frankly, the victim of a crime as much as the patient data was. The ICO is currently “making inquiries” into the issue.
Considering the NHS is a bit strapped for cash like the rest of the country at the moment, fining it such a huge amount seems a bit off to me. Let’s hope the ICO comes to its senses. Then again, I wouldn’t want my personal medical data to leak out -- there are definitely some things only you and your doctor should know, and if he didn’t know until he absolutely needed too, that’d be great too. [Out-Law]
Image credit: Crying doctor from Shutterstock