British Health Trust Fined For Publishing Private Data

By Mick Meaney

A British health trust has been fined for publishing sensitive employee details online.

The  Devon based Torbay Care Trust was fined £175,000 by the UK Information Commissioner’s Office for publishing the details of 1373 employees.

The data included personal information such as names, dates of birth, sexuality and religion, including employees national insurance numbers.

The spreadsheet was published on the trust’s website in April of 2011 and was not discovered until 19 weeks later when a member of the public reported the leak, at which time approximately 21,000 visits had been made to the site.

It is still unknown how many times the private data was viewed, but the page containing links to the spreadsheet was accessed 300 times.

Stephen Eckersley, The head of enforcement at ICO said the incident was entirely avoidable and left staff open to identity fraud.

“The fact that this breach was caused by Torbay Care Trust publishing sensitive information about their staff is extremely troubling and was entirely avoidable. Not only were they giving sensitive information out about their employees, but they were also leaving them exposed to the threat of identity fraud.

“While organisations can publish equality and diversity information about staff in an aggregated form, there is no justification for unnecessarily releasing their personal information. We are pleased that the trust are now taking action to keep their employees’ details secure.”

Torbay has now introduced a web management policy to prevent data leaks on its website in the future.