Health organization fined for document protection failure

The Information Commissioner's Office (ICO) fined a Devon-based healthcare organization more than $250,000 following the publication of sensitive personal information on its website.

In April 2011, Torbay Care Trust published data concerning more than 1,300 National Health Service employees in an unprotected spreadsheet. Among the information included in this document were names, dates of birth, National Insurance numbers, religious affiliations and sexual orientations.

The information breach was reported by a member of the public 19 weeks after its initial publication, the ICO indicated. In that time, the spreadsheet was viewed an estimated 300 times.

ICO head of enforcement Stephen Eckersley noted that because the information was unprotected, affected individuals face a number of potential dangers.

"Not only were they [Torbay Care Trust] giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud," said Eckersley.

Anthony Farnsworth, chief executive of Torbay Care Trust when the breach occurred, said that there has been no evidence of any malicious activity related to the publication of the personal data and that more robust security measures have been implemented.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>