14 DAY TRIAL // The UK’s Information Commissioner’s Office (ICO) has issued a fine of £100,000 ($152,000 / €117,000) after it discovered a large number of patient records at a site formerly owned by Stockport Primary Care Trust.
Stockport Primary Care Trust was dissolved earlier this year and their legal responsibilities have been passed to the NHS Commissioning Board. The board will have to pay the penalty in one month or file an appeal until July 2.
The data breach was discovered in 2011 when the site formerly owned by the Stockport Primary Care Trust was purchased by another company. At the time, boxes of documents containing personal information were found.
The documents included referral forms, letters, work diaries, and patient records. The ICO also learned that this wasn’t the first time when the trust had left behind highly sensitive data.
“It’s crucial that organisations don’t take their eye off the ball when moving premises. This NHS trust’s efforts to keep its patients’ confidential records secure were completely undermined by its failure to properly decommission the premises it was leaving,” said David Smith, deputy commissioner and director of data protection.
“The highly sensitive nature of the documents left behind makes this mistake inexcusable, and there can be no doubt that the penalty we’ve served is both necessary and appropriate.”