Vyta

  • About Us
    • The Vyta Team
    • Certifications
    • Awards
    • Our Mission and Values
    • IT Asset Disposal vs Disposition
  • Our Services
    • ITAD – IT Asset Disposal Service
    • IT Equipment Resale and Revenue Return
    • Hard Drive Shredding – DiskShred
    • WEEE Recycling
    • Secure Data Destruction
    • IT Services
    • Refurbished IT
  • ESG
    • Sustainability Report FY2023-24
  • Global ITAD
  • News
  • Resources
    • Educational Guides
    • Case Studies
    • Downloadable Content
    • Videos
  • Careers
    • Recruitment Policies
  • Contact
  • Get a Quote

NHS Trust fined £325,000 following major data breach

Brighton and Sussex University Hospitals NHS Trust has been served with a Civil Monetary Penalty (CMP) of £325,000 following a serious breach of the Data Protection Act (DPA), the Information Commissioner’s Office (ICO) said today.

It comes after the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff – found on hard drives sold on an Internet auction site in October and November 2010.

The data included

  • Patients’ medical conditions and treatments
  • Disability living allowance forms and children’s reports.
  • Documents containing staff details such as National Insurance numbers, home addresses, ward and hospital IDs, and information referring to criminal convictions and suspected offenses.

The data breach occurred when an individual engaged by the Trust’s IT service provider, Sussex Health Informatics Service (HIS), was tasked to destroy approximately 1000 hard drives held in a room accessed by key code at Brighton General Hospital in September and October 2010. A data recovery company bought four hard drives from a seller on an Internet auction site in December 2010, who had purchased them from the individual.

Although the ICO was assured that only these four hard drives were affected, in April 2011 a university contacted them and advise that one of their students had purchased hard drives via an Internet auction site. An examination of the drives established that they contained data which belonged to the Trust.

The ICO’s Deputy Commissioner and Director of Data Protection David Smith said:

“The amount of the CMP issued in this case reflects the gravity and scale of the data breach. It sets an example for all organisations – both public and private – of the importance of keeping personal information secure. That said, patients of the NHS in particular rely on the service to keep their sensitive personal details secure. In this case, the Trust failed significantly in its duty to its patients, and also to its staff.”

The Trust has now committed to providing a secure central store for hard drives and other media, reviewing the process for vetting potential IT suppliers, obtaining the services of a fully accredited ISO 27001 IT waste disposal company, and making progress towards central network access.

For the latest information about this breach check out the BBC news article

Filed Under: News

Search

Latest News

Vyta and Evad join forces to support ISPCA with sustainable technology donation

IT asset disposition (ITAD) and IT asset lifecycle management (ITALM) firm Vyta has partnered with leading Irish technology solutions provider, Evad Technology Group to wipe, refurbish and donate 7 laptops to the ISPCA following their … More...

Vyta expands global presence with £800k investment in new Frankfurt facility

Leading IT asset disposition (ITAD) and IT asset lifecycle management (ITALM) firm Vyta has extended its global presence with an £800K investment in a new facility in Frankfurt. The new Vyta GmbH site is now open for operations having … More...

Vyta secures global ITAD contract with Aon to deliver sustainable solutions worldwide

Vyta, a leading provider of secure IT Asset Disposition (ITAD) and Lifecycle Management (ITALM), has been selected by global professional services firm Aon to deliver a secure, sustainable, and centrally-managed global ITAD programme across … More...

Vyta logo, Trusted in Data Security, ITAD, and IT Recycling. Expert in Data Shredding and Secure Data Destruction in UK and Europe

Vyta provides sustainable, secure and cost-effective solutions for the responsible management of your IT asset lifecycle. Our services are key to protecting your data, maximising value, managing corporate risk and meeting sustainability goals.

Vyta are winners of the Kings Award for Sustainable Development in 2024

CONTACT US

info@vyta.com
+44 (0) 28 9084 7913

Vyta Great Britain
Vyta
Unit 28 Little Boyton Hall,
Roxwell, Chelmsford CM1 4LN, United Kingdom
Tel +44 (0) 33 0551 9983

Vyta Republic of Ireland
Vyta
Unit 66 Block 503, Greenogue Business Park
Rathcoole, Dublin D24 F300, Ireland
Tel +353 (0) 1257 3232

Vyta Northern Ireland
Vyta
Unit 1 Mallusk View, Central Park
Newtownabbey BT36 4FR, Northern Ireland
Tel +44 (0) 33 0551 9983

Vyta Germany
Vyta
Am Aspenhaag 5
65451 Kelsterbach
Germany
Tel +49 6107 7798991

Privacy Policy | Cookie Policy | Modern Slavery Policy |
PAS2060 Qualifying Explanatory Statement

  • LinkedIn
  • Twitter

Copyright Vyta Ltd © 2025