ICO fines several organisations for data breaches

The Information Commissioner’s Office (ICO) has recently imposed fines on several organisations for data breaches:

  • Hampshire County Council was fined £100,000 for failing to implement effective contingency plans to protect personal data when decommissioning a disused building. Social care files of over 100 people, containing highly sensitive information about adults and children in vulnerable circumstances, were discovered in the disused building by the new owners. The building also contained 45 bags of confidential waste.
  • Regal Chambers, in Hitchin, Hertfordshire, was fined £40,000 for an unauthorised release of confidential information about a patient and her family. Despite express warnings from the patient that staff should take particular care to protect her details, the information was released in response to a Subject Access Request made by the patient’s estranged ex-partner.
  • Whitehead Nursing Home in County Antrim, Northern Ireland, was fined £15,000 for failing to keep the personal information they hold secure. The breach occurred when a member of staff took an unencrypted work laptop home, which was stolen during a burglary overnight. The laptop contained sensitive personal details relating to 46 staff and about 29 residents.