The Information Commissioner's Office (ICO) has slapped a £175,000 fine on a Torquay health trust, after it inadvertently published equal opportunity data about its staff on its website.
The blunder enabled visitors to see the names, addresses, National Insurance numbers and sexuality of nearly 1,400 staff.
Torbay Care Trust published the highly personal information online in April 2011, after a spreadsheet containing the data was put on its website. It was only spotted when reported by a member of the public 19 weeks later.
“Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud,” said Stephen Eckersley, head of enforcement at the ICO.
The data watchdog found that the Trust had not provided adequate guidance for staff on publishing information and lacked controls to identify potential problems.
Torbay Care Trust has subsequently introduced a new web management policy to ensure it does not repeat its mistake.
“While organisations can publish equality and diversity information about staff in an aggregated form, there is no justification for unnecessarily releasing their personal information,” added Eckersley.
The fine is the third largest handed out by the ICO. The largest fine of £325,000 was handed down on 1 June to Brighton and Sussex University Hospitals NHS Trust, after it sold hard drives containing highly sensitive personal data belonging to tens of thousands of patients and staff.
Belfast Health and Social Care Trust received a £225,000 penalty on 19 June, following a serious breach which also led to the sensitive personal data of thousands of patients and staff being compromised.
Connexin drops out of Ofcom auction due to start next week
SwiftKey users now send two billion emoji every week
Recruitment plans are 'most ambitious ever', claims Openreach HR director Kevin Brady
Samsung's under-the-hood improvements separate the S9 from the pack when it comes to the display