
Fine by U.K. Information Commissioner’s Office has broad implications for industry

The U.K. Information Commissioner’s Office (ICO) has issued its strongest fine yet: a whopping £375,000. This fine was assessed against the Brighton and Sussex University Hospitals NHS Trust after hard drives containing personal medical information were sold on eBay by a contractor hired to destroy the data.

Prior to that, the biggest ICO fine was £130,000, which was issued to the Powys County Council after pages from a child protection report were wrongly included as part of a separate document sent to a member of the public.

“While we are horrified that a company promising secure destruction may have been the cause of this incident, it is actually a good reminder to customers that there is punishment for the lapses of downstream service providers,” said NAID CEO Bob Johnson. “It shows that vendor qualifications and vendor selection need to be considered very carefully and that making that selection based on price is a dangerous practice.”
