back to article NHS fights record £325k ICO fine after clap records appear on eBay

An NHS Trust is disputing a record fine the Information Commissioner's Office has levelled on it for leaving tons of data on patients and staff on hard drives that were sold on eBay instead of being destroyed. Brighton and Sussex University Hospitals NHS Trust was served a civil monetary penalty of £325,000, the highest handed …

COMMENTS

This topic is closed for new posts.

I don't get it, all these employ a specialist etc etc etc. All they need to do is to get a tech to hit each drive a half dozen times with a sledgehammer. The platter shatters into bits so you'll never get data off of it, much cheaper and harder to avoid.

13
0
Silver badge

Tax payer to Government to NHS to Government funded by the Tax Payer.

Morons managed by idiots overseen by the sub-normal, the NHS IT system.

I love it, the tax payer gives money to Government, the Government give the NHS money, the Government instructs the Courts to take the NHS to task. The NHS is fined and not by much, the money is then given to... The Government. The tax payer then makes up the shortfall.

I suppose MPs need some way to increase their expenses pot, a clever bit of accounting and the Government appears blameless.

9
0

At the idea of breaking the platters...

If someone REALLY wants the data off that drive, they will, even with shattered plates.

Afaik, the only way to truly destroy the data is to do a magnetic wipe of the platters, or simply melt them.

3
3
Anonymous Coward

I had no idea Mr Jones at number 25 had the clap, I would never have guessed it, he's 87 years old!

Lucky beggar

0
0
Silver badge

Re: Tax payer to Government to NHS to Government funded by the Tax Payer.

@LarsG - the drives were taken away by a private contractor under some mad PFI-type scheme which allows the NHS trust to show greater openness and a willingness to be wallet-raped by the private sector (as is government policy). This will all be wrapped-up in a bollocks-speak press briefing and contract.

The contractor will be the lowest bidder with the thinnest margins and thus keen to get any profits anywhere they can, which means flogging stuff on eBay.

One other thing you can bet is that the contract will be so one-sided that even if the trust ejects the contractor for such flagrant negligence, they will need to pay compensation for loss of profits (a common clause in PFI deals which is why we have to spunk so much money at our badly run rail system).

I do agree with one thing, fining the NHS is stupid. You fine the contractor and you fire the managers.

23
0
Coat

Re: Tax payer to Government to NHS to Government funded by the Tax Payer.

It's just wrong for a gov. department to fine the NHS for something like this... All it does is cost the taxpayer, and the actual people damaged by the actions of staff, money... It doesn't help the situation.

Find the people responsible and remove them from their jobs. Employ people that do the job properly.

10
2
Silver badge
Devil

Re: Tax payer to Government to NHS to Government funded by the Tax Payer.

The police do exactly the same when they're found guilty and "fined", i.e. the money comes from the pool we've paid into via taxes, and after all the middle men have had a nice big bite, goes, err, back into the same pool. It's a farce designed by clever lawyers to ensure no-one in the system really suffers, yet they always benefit financially whilst the PR guys ensure the public thinks it's all been sorted. Again, paid for by us.

3
1

This post has been deleted by its author

Bronze badge
Stop

@Benjamin 4:

Huh? You've never seen the inside of a hard disk have you?

You use a bender or fragger, not a techie with a hammer:

http://www.youtube.com/watch?v=q45gg3ed-j0

http://www.youtube.com/watch?v=sQYPCPB1g3o

1
0
Silver badge

Re: At the idea of breaking the platters...

"If someone REALLY wants the data off that drive, they will, even with shattered plates."

It's all about effort required. If someone buys a working disk, there is a chance they will try to undelete what files were on it before.

If someone gets a smashed disk, they probably won't bother going to the expense of recovery.

If it's something of value, like military secrets, then it may be worth the cost to the enemy to recover. But if someone wanted a set of hospital files, it's probably cheaper to hire someone to hack them.

2
0
Anonymous Coward

Hit the drive with a sledgehammer and.... crash the heads, only they'll be parked so it doesn't do a lot save dent the case.

The safest way to destroy a drive is to melt it down. That's not likely, so the alternative is to crack the drive open, remove the platters and then apply a metal file to the surface, then bend it in half, then into quarters, then hit it with a hammer to flatten it, then send the platters all mixed up off to recycling. Takes time but it's safer than a sledgehammer. It's also safer than running magnets over the drives (there are still latent markers on the disks that can be read with the right kit).

0
0

Re: Tax payer to Government to NHS to Government funded by the Tax Payer.

There's no incentive to avoid fines. They've got very little money, and they have an incredibly hard time keeping things running.

Now they have even less money, and the situation is now worse.

If you want a deterrent for public sector - fine the directors responsible.

1
0
Anonymous Coward

Shredding

Loved that big shredder Ross K, but can't help thinking it needed a safety guard. Getting a tie caught in there wouldn't be fun!

0
0

Smash them with a hammer

If it's a laptop drive, the platters are made of glass. You don't need a sledgehammer for that, a small mallet will do.

If it's a desktop drive, the platters are made of metal. You'll put a big dent in it but not smash as such.

0
0
Bronze badge

Re: At the idea of breaking the platters...

Actually there's a company not far from this trust that will grind disk drives to dust. If they are serious they would blanco them as well.

0
0
Silver badge

"...that will grind disk drives to dust."

Will it blend?

0
0
Paris Hilton

Re: Tax payer to Government to NHS to Government funded by the Tax Payer.

"Employ people that do the job properly."

This is going to be hard when Gov pays 25-50% below market average for internal techs then removes the gold plated pension. Or outsource to companies that are only profit driven and not driven to supply the best service possible.

The reason why all public needed services should be government run at even or small profit. Paris because that's obviously a dumb idea.

1
0
WTF?

The equation is really rather simple...

...if you can't afford to pay a penalty then:

1. do your job properly in the first place

2. don't try to cover it up again and again

I am not overly sure whether it's failings in the recruitment process within the administrative / managerial side of government departments that ensures this level of incompetence or if people just become lazy / disengaged / demotivated to such an extent that they no longer give a f*@k. Either way something has to change. Perhaps if the fund cannot afford to pay the penalty their chief exec should do the honourable thing and throw him-or-herself on the proverbial sword (perhaps with a ban on their taking up a similar role for the next 5 years).

7
0
Anonymous Coward

Re: The equation is really rather simple...

His name is Duncan and I believe the CEO is only on £298,000 pa with benefits, so there may be a cash shortfall even if he does fall on his sword.

If he does he will just go to another trust and start again but on a higher pay scale.

3
0
Pirate

Re: The equation is really rather simple...

The 298k plus benefits would certainly reduce the overall outlay. And with regards to his moving on to another trust, that's why I advocated at least a 5 year ban on his taking up other such posts. The number of times these guys 'do the honourable thing' by resigning only to move on to another similar role to do it all again (after using their golden parachute of course).

2
0
FAIL

Excuses...

"We simply cannot afford to pay a £325,000 fine and are therefore appealing to the Information Tribunal."

... yeah, that really helps if a regular person says the same thing.

"Sorry officer, I can't afford to pay that fine, so you can't fine me. Pardon me while I get back to breaking the law."

11
0
FAIL

Re: Excuses...

If the appeal ends up in front of a judge, the cost is going to be a damn sight higher than £325k.

They don't have a case, they have clearly failed to understand, let alone comply with the relevant legislation. I can see a judge awarding costs on this for NHS stupidity, and wasting time appealing.

Please get the twit CEO out of the office whilst the trust still has some money left.

2
0
Silver badge

Re: Excuses...

I'm not sure that there isn't a case. There is certainly sufficient evidence given to this point to say that the Trust did a good job of maintaining the drives in a safe place, etc. The incompetence comes in at the level of the contractor that allowed a fly-by-night operator to do a job that should have been handled to the highest standards, not the lowest.

I am a little baffled, though, that the drives were allowed out of the building without any form of encryption and/or wiping (even writing random 1s and 0s would be better than nothing). As an earlier commenter mentioned, few people would go to the trouble of trying to get information that has been well scrambled off a drive with no history of where it came from.

Don't get me wrong, someone needs a kicking. I think (on the evidence given so far) that the contractor should be taking the hit for this.

0
0
Nev
FAIL

Riiiiight...

"In a time of austerity, we have to ensure more than ever that we deliver the best and safest care to our patients with the money that we have available. We simply cannot afford to pay a £325,000 fine and are therefore appealing to the Information Tribunal."

Can we try and use that defence for parking and speeding fines too, then?

9
0
Big Brother

Ridiculous money-go-round

One crat passing tax-payers' money to the next crat leaving the first crat with a financial hole that yet another crat will have to fill - what kind of cnut dreamed up this system? Oh yes - yet another crat. I wonder if any of these people actually ever think beyond the end of their own desk?

Big brother would be watching you but he's too busy sharpening his pencils.

3
1
FAIL

Re: Ridiculous money-go-round

The purpose of the fine is to make it painful for the budget holder, so that:

(a) they take action to avoid being fined

(b) that heads roll, and the next person in charge has his mind sharply focussed the next time somebody suggests tossing out some disk drives

Personally I would like to see directors and officers in the NHS held personally accountable for the fines, but short of that this is as good as it gets.

PS. Nationwide got a base £1.4m fine from the FSA, when the data was stolen from a locked house

1
0
Trollface

?? in this time of austerity....

but they can afford to pay someone £143,000....

http://www.theargus.co.uk/news/9147915.Brighton_and_Sussex_University_Hospitals_NHS_Trust_hires___143_000_expert_to_advise_on_cuts/

Maybe his advice was 'just ignore this stuff nobody ever gets fined'!

1
0
Nev
Stop

Re: ?? in this time of austerity....

Looks like he got some nice pay rises too:

http://www.theargus.co.uk/news/8195349.Brighton_hospital_boss_earns_more_than_the_Prime_Minister/

"Duncan Selbie, chief executive of Brighton and Sussex University Hospitals Trust has an annual salary of between £180,000 and £185,000. "

Stepping down in July to head up some Quango:

http://www.theargus.co.uk/news/9634864.Brighton_hospital_chief_stepping_down/

2
0
Mushroom

One hopes there will be an additional fine for a trite reason for appealing the first one.

And that the chief exec and chief IT man are sacked. It's not their money to pay the fine, but was their responsibility not to allow the stuff to KEEP on happening.

3
0
Silver badge

This

In buckets. Either they lied or did not properly investigate. Either one I would call gross professional negligence. Heads must roll (with no golden goodbye, pension protection or anything).

Out on the street, just like anyone else.

But this is government luvvie duvvies we are talking about. Just watch, those at the centre will pop-up again as "experts", "thought leaders" or with some other vacuous title.

3
0
MJI
Silver badge

No fine - just sackings

Get rid of chief exec - too highly paid - only people I feel who should be on high wages in hospitals should have years of training and get called Doctor (OK I know about consultants).

Also whoever authorised the useless contractor.

As to fining NHS - just no OK.

3
0
Silver badge

Re: No fine - just sackings

Doctors are already highly paid (and rightly so). It's nurses and cleaners you want to worry about.

7
0
MJI
Silver badge

Re: No fine - just sackings

Actually you are right, but to be honest I feel that the chief executive of a hospital should not be the huge earners.

The people who operate on you and make you better should be the highest paid people in a hospital NOT a bureaucrat.

1
0
Silver badge

Re: No fine - just sackings

@MJI - they are all equally important.

The cleaners make sure you don't catch whatever the poor sod next door has.

The nurses make sure nothing bad happens to you and that treatment is administered.

The doctors figure out what that treatment is.

The managers make sure the kit is available for you to be treated.

What should not happen (and you are quite right about) is for a pen-pusher to be mah-hoos-ively overpaid.

In fact, regardless of industry, the people at the top getting paid orders of magnitude more than those at the bottom (who do the actual work) is a serious issue in our society.

5
0
MJI
Silver badge

Re: Big Yin

Well I had an operation last year so was in a week.

Nurses were good, but I did not appreciate being woken at 3 in the morning for a blood pressure check and being in agony as the pain killers had worn off - needed morphine to get back to sleep. (few hours after op).

My biggest complaint was lack of communication between staff, and me being trial and error.

0
0
Bronze badge
Windows

How often?

"...and acted swiftly to recover, without exception, those that their sub-contractor placed on eBay."

Sounds expensive, and the original contractor is getting paid, unless they got eBay to remove listings &c

If the contractor had spent the time writing random bits to the hard drives, would anyone have ever known about this? I'm assuming the contractor is off the hook as there was no proper contract.

2
0
Anonymous Coward

Re: How often?

Had the drives been erased to military-grade specifications, then re-selling them on eBay should be a non-issue.

2
0

Loads-a-money

It always seems slightly ludicrous to me to fine a public body like the NHS or a local council, as the money ultimately comes out of tax-payers' pockets anyway. Surely there should be a personal come-back against whoever caused the problem in the first place, as a deterrent, otherwise errors will continue. Admittedly, this would probably require additional investigation by the ICO but that's what they're for, presumably.

3
0
Bronze badge

How come the subcontractor was not fined too?

2
0

Maybe because they didn't have a contract? Presumably the ICO reckons that it's not good enough just to ask someone to get rid of a few hard discs; there should have been a proper contract in place that required that the drives were decommissioned properly.

If there had been a proper contract in place, then the NHS would be in a position to sue the contractor _and_ to defend itself against the fine (IANAL).

1
0

Even if nothing was written down there is still a contract in place - there was an exchange of goods/services for payment.

Even if there is no documented evidence of the expected destruction of the drives surely nobody's going to believe the NHS were paying a third party to flog old kit, containing sensitive information, on eBay.

1
0
Silver badge
Trollface

Meanwhile, at the appeals tribunal.....

....the chief prosecutor diligently saves his documents on that cheap hard drive his assistant bought on eBay....

3
0
Bronze badge

Repeating I know but...

As said by many above and on all too many similar articles...

DON'T fine the public body, fire and then prosecute the senior managers. If it involves sub-contractors then prosecute them too.

The lines of responsibility should be down in written procedures and if you are listed as the person responsible for making sure it works then you take the blame, the marching orders and the legal slap when it doesn't (do not pass Go, do not collect ANY money). The only defence would be to show that people deliberately ignored the process at which point they go onto the bonfire instead.

4
0
Anonymous Coward

@Kevin Johnston Re: Repeating I know but...

Let's not forget the situation where Mr. IT was given verbal orders by some higher-up to skip the bidding process, or rig the bidding process to ensure Contractor X gets the contract, because Mr. Higher Up has a cozy relationship (kick-backs from) Contractor X.

Corruption -- it usually goes all the way up to the top.

3
0
Silver badge

"It is a matter of frank surprise ... "

Surprise doesn't cover it. I was amazed by the stupidity and gobsmacked by the mendacity of all involved.

How is it that we live in a society where this can happen? What the F can we do to stop it?

1
0
Bronze badge
Alert

£325k?

£325k? That's nothing. The annual wage bill for a couple of NHS managers maybe...

It's not going to affect the quality of service the NHS provides its "customers", so I dunno what that mouthpiece is moaning about. I'd be all for multiplying that fine by 10, except that it's the taxpayer who gets shafted in the end.

0
0
FAIL

Re: £325k?

That's not nothing. How many nurses would that pay for? How many operations would that pay for?

0
0
Big Brother

Re: £325k?

The maximum fine for those regulated by the ICO is £500k, the government probably guessing who was going to be picking up most of the fines chickened out, and did not set it to the FSA standard.

The FSA gets to think of a suitably painful number and demand it as a fine. The most similar case to this was the Nationwide stolen laptop, which earnt them a £1.4 base fine (reduced because they reacted quickly to plug the hole)

0
0
Boffin

Re: £325k?

Nurses - around 4 nurses pay and pension for one year, depending on experience and length of service

Operations - Again depending on type, roughly 10 heart transplants or 3.5 liver transplants (inc lifetime of aftercare) or 46 Hip replacements,

Other NHS Services - 3066 individual trips to A&E or 13540 GP appointments (no drugs) or Treat 280 severe asthma patients or treat 15 breast cancer patients with Herceptin for one year or treat 9 cancer sufferers in one year with chemo and radio therapies***

That is all.

*** Figures are a few years old now ( < 5yrs).

0
0
Bronze badge

Re: £325k?

@Soruk:

OK I should have made the sarcasm in my post clearer. There are NHS managers out there making (I nearly used the word "earning"...) more per year than David Cameron or Angela Merkel - a figure of £145k was mentioned by someone earlier...

That's wrong. These guys are doing nothing to improve anybody's lives except their own.

1
0
