Paul Hedges, a former manager of a health service in the UK, was recently fined £3,000 by the Information Commissioner's Office (ICO) for unlawfully obtaining 2,471 people's sensitive medical information.

Hedges was also ordered to pay a £15 victim surcharge and £1,376 prosecution costs.

Hedges, a Community Health Promotions Manager at Bitterne Leisure Center in Southampton, sent the information to his personal e-mail account on April 28, 2011, after he was told he was about to be fired. According to the ICO, he planned to use the data to start up a new fitness company.


The ICO only learned of the breach when patients complained about being approached by Hedges.

"People have a right to privacy and the ICO works to maintain that right," Information Commissioner Christopher Graham said in a statement. "Nobody expects that their health records will be taken and used in this way. Mr Hedges had been told by Southampton Council about the need to keep patients' details confidential, but he decided to break the law."