The ICO has the power to issue fines of up to £500,000 for serious breaches of the Data Protection Act and the Privacy and Electronic Communications Regulations. There have been some notable cases in the news, including:
- NHS Surrey, which lost sensitive information belonging to 3,000 patients that had been left on a computer sold at auction. The fine: £200,000 (Source: BBC News)
- Sony, whose PlayStation database was hacked. The fine: £250,000 (Source: BBC News)
- Brighton and Sussex University Hospitals NHS Trust, which had hard drives stolen containing personal data, including medical records, National Insurance numbers and staff home addresses. The fine: £325,000 (Source: BBC News)
- North East Lincolnshire Council, which lost sensitive information on hundreds of children on an unencrypted memory stick. The fine: £80,000 (Source: ICO)
- Ministry of Justice, which emailed the details of prisoners at HMP Cardiff to three of the inmates' families. The fine: £140,000 (Source: ICO)
As you can see, these data breaches, whether intentional or not, happen a lot. You would want to be sure that the organisations holding your data have the necessary safeguards in place, but it is all too apparent that often they do not, whether those safeguards are encryption, firewalls, strong passwords, two-factor authentication, data leakage prevention, web application firewalls, staff training, or anything else.
With all this in mind, did you know that the NHS has the right to share your personal information unless you opt out of the scheme? I for one will be opting out as soon as possible.
More information here: