Torbay Care Trust hit with £175,000 after personal details of employees were posted online
The Torbay Care Trust in Torquay, Devon, has been hit with a £175,000 fine by the Information Commissioner’s Office (ICO) after personal details of over 1,000 employees were mistakenly published on the Trust’s site.
According to reports, the data included the equality and diversity responses of staff, while their dates of birth and National Insurance numbers were also accessible to anyone who logged onto the website.
And with the incident only flagged up after the information had been online for 19 weeks, the Trust was found guilty of failing to provide its employees with adequate training – as well as having a lack of checks in place to highlight possible issues.
Stephen Eckersley, head of enforcement at the ICO, said: "The fact that this breach was caused by Torbay Care Trust publishing sensitive information about their staff is extremely troubling and was entirely avoidable.
"Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud."
While storing documents on hard drives and in virtual servers is an efficient means of organising information, organisations that are backing up files online need to do so securely in order to avoid events similar to the one that occurred at the Trust.
What’s more, given the extent of the fine imposed by the ICO, this is as much about safeguarding the company’s financial future as it is complying with the Data Protection Act – costly penalties can threaten profitability and also damage a business’s reputation.
Yet as Mr Eckersley adds that the Trust is now taking action to ensure employees’ details are more secure – and that a new web management policy is in place to prevent any similar incidents occurring – it appears that the organisation will now pay greater attention to the way it handles its staff’s sensitive information.