FINANCE: NHS health chiefs are challenging a proposed £375,000 fine after computer hard drives containing confidential information about tens of thousands of patients and staff were stolen.
Police were called in after the hard drives ended up on eBay after being taken from Brighton General Hospital in East Sussex where they were being decommissioned.
Brighton and Sussex University Hospitals trust had subcontracted the destruction of the hard drives to a registered contractor.
A 36-year-old man from Seaford was arrested on suspicion of theft last year and was bailed several times before a decision not to take further action on 17 July, Sussex Police said.
It has now emerged that the Information Commissioner’s Office (ICO) has sent the trust a notice proposing a fine of £375,000 for possible breach of the Data Protection Act.
Trust chief executive Duncan Selbie said in a statement that it was challenging the proposed fine, adding that they were the victims of a crime.
He said: “As soon as we were alerted to this, we informed the police and with their help we recovered all the hard drives stolen by this individual.
“We are confident that there is a very low risk of any of the data from them having passed into the public domain.
“We have subsequently received a notice from the ICO proposing a fine of £375,000 which we are, in the circumstances, challenging.”
The theft of 232 hard drives happened in September 2010 and the trust was alerted by a buyer on eBay, a trust spokeswoman said.
An ICO spokesman said: “The ICO is currently making inquiries into a possible breach of the Data Protection Act and is unable to speculate on what action will be taken at this time.”