The UK Information Commissioner's Office (ICO) recently announced that it has imposed a fine of £100,000 on the Stockport Primary Care Trust after a site formerly owned by the trust was found to contain boxes of personal information, including particularly sensitive data on 200 patients.
According to the ICO, the sensitive data exposed by the trust included data on miscarriages, information about child protection issues, and a police report on the death of a child.
"It’s crucial that organizations don't take their eye off the ball when moving premises," deputy commissioner and director of data protection David Smith said in a statement. "This NHS trust's efforts to keep its patients' confidential records secure were completely undermined by its failure to properly decommission the premises it was leaving."
"In the last year we have served two six figure penalties on organisations that have left large volumes of personal information behind when leaving a site," Smith added. "These penalties highlight the need for organisations to have effective decommissioning procedures in place and to make absolutely sure that these procedures are followed in practice."
Because the Stockport Primary Care Trust was dissolved on March 31, 2013, the NHS Commissioning Board will be required to pay the fine.