Trust refutes huge data breach fine

A report from several sources says a hospital trust on the south coast of England is fighting back against the highest fine ever handed out by the Information Commissioner's Office (ICO) since its power to issue fines was granted in April 2012.

According to, the Brighton and Sussex University Hospitals NHS Trust has been served with a fine of £325,000, following the discovery of highly sensitive data files belonging to tens of thousands of patients and staff on hard drives sold on eBay in October and November 2010.

The ICO considered this a serious breach of the Data Protection Act (DPA) and the organisation’s deputy commissioner and director of data protection, David Smith, said the magnitude of the fine reflected the gravity and scale of the data breach.

"In this case, the Trust failed significantly in its duty to its patients, and also to its staff," said Smith.

However, the trust does not accept the ICO's findings and is determined to fight against them.

Duncan Selbie, trust chief executive, insisted that no data entered the public domain.

“We reported all of this voluntarily to the Information Commissioner's Office, who told me last summer that this was not a case worthy of a fine.

"The Information Commissioner has ignored our extensive representations. It is a matter of frank surprise that we still do not know why they have imposed such an extraordinary fine despite repeated attempts to find out, including a freedom of information request, which they interestingly refused on the basis that it would 'prejudice the monetary penalty process'."