Breach details
| What | Loss of sensitive personal data. |
| How much | 1,373 records. |
| When | April 2011 |
| Why | Sensitive personal information relating to 1,373 employees was published on the Trust’s website in an excel spreadsheet intended to display equality and diversity metrics. This information was publicly available for over 19 weeks. |
Regulatory action
| Regulator | ICO | Action | Monetary penalty of £ 175,000 |
| When | 6 August 2012 |
Why the regulator acted
| Breach of act | Staff received no guidance as to what information should not be published. No checking processes were in place to prevent excessive information being published. |
| Known or should have known | The data controller was holding confidential and sensitive personal data relating to its employees and should have recognised the potential for human error when uploading data to its website in the absence of appropriate security measures. |
| Likely to cause damage or distress | Financial and Medical data. May have been accessed by untrustworthy third parties. |
Links
| View PDF of the Torbay Care Trust Monetary Penalty Notice (Breach Watch Archive) |
| View PDF of the Torbay Care Trust Monetary Penalty Notice (Via ICO Website) |