By continuing to use the site you agree to our Privacy & Cookies policy

Your browser seems to have cookies disabled. For the best experience of this website, please enable cookies in your browser.


Your browser is no longer supported

For the best possible experience using our website we recommend you upgrade to a newer version or another browser.


Torbay Care Trust

Torbay fined over information breach

PERFORMANCE: Torbay Care Trust has been fined £175,000 by the Information Commissioner’s Office after the sensitive details of more than 1,000 employees were accidentally published on the trust’s website.

HSJ Local newsletters
Get the latest health headlines in your region sent direct to your inbox

Choose your HSJ local newsletters now

Staff at the trust published information including names, dates of birth and national insurance numbers along with details of individuals’ religion and sexuality in April 2011. The information remained online for 19 weeks until spotted by a member of public.

The ICO’s investigation found that the trust had no guidance for staff on what information should not be published online and had inadequate checks in place to identify potential problems.

ICO head of enforcement Stephen Eckersley said: “The fact that this breach was caused by Torbay Care Trust publishing sensitive information about their staff is extremely troubling and was entirely avoidable. Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud.

“While organisations can publish equality and diversity information about staff in an aggregated form, there is no justification for unnecessarily releasing their personal information. We are pleased that the Trust are now taking action to keep their employees’ details secure.”

Anthony Farnsworth was chief excecutive of the care trust when the breach happened and is now chief executive of the community provider Torbay and Southern Devon Care Trust.

In a statement, he said the incident had been treated with the “utmost seriousness”, but there was no evidence the data had been accessed by anyone other than the individual who reported it.

He said more robust information management procedures had now been put in place.

He added: “The Care Trust has always had extremely hard working and dedicated staff, so it is of particular regret that in this instance we failed in our responsibilities to them. I would like to apologise, again, to these individuals for any concern that has been caused.”

Have your say

You must sign in to make a comment.

Share this

Post a comment

Related Files

Sign up to get the latest health policy news direct to your inbox