A monetary penalty of £175,000 has been given to a Torquay health trust after sensitive details of more than 1,000 employees were accidentally published on its website.
According to a statement by the Information Commissioner's Office (ICO), staff at Torbay Care Trust published the information in a spreadsheet on their website in April 2011 and only spotted the mistake when it was reported by a member of the public 19 weeks later.
The data covered the equality and diversity responses of 1,373 staff and included individuals' names, dates of birth and National Insurance numbers, along with sensitive information about the person's religion and sexuality.
Stephen Eckersley, head of enforcement at the ICO, said: “We regularly speak with organisations across the health service to remind them of the need to look after people's data. The fact that this breach was caused by Torbay Care Trust publishing sensitive information about their staff is extremely troubling and was entirely avoidable. Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud.
“While organisations can publish equality and diversity information about staff in an aggregated form, there is no justification for unnecessarily releasing their personal information.”
The ICO's investigation found that the trust had no guidance for staff on what information should not be published online and had inadequate checks in place to identify potential problems. The trust has now introduced a new web management policy to ensure personal data is not mistakenly published on its website in the future.