The cost of data breaches is rising: the Information Commissioner’s Office issued £1.8 million in fines during the 12 months to June this year, compared to just £431,000 in 2010-11. Since then the big fines have continued, including:
- £250,000 to Scottish Borders Council, whose former employees’ records were found in a recycling bin;
- £175,000 to Torbay Care Trust for publishing sensitive employee information on their website;
- £225,000 to Belfast Health and Social Care Trust after thousands of patient records were found in a disused hospital; and
- £325,000 to Brighton and Sussex University Hospitals NHS Trust after sensitive patient information was found on hard drives sold on an internet auction site.
It is striking that 3 of these 4 enormous fines arose not from mishandling live data but from the failure to properly dispose of information that was no longer needed.