The British National Health Service (NHS) has to pay 90 thousand pounds for compromising the data of 59 patients.
Over three months, NHS employees sent 45 faxes to wrong numbers. During this time, the employees compromised the data of 59 people, including their diagnoses and personal information. The ICO considers the negligent actions of the careless insiders to be a violation of the Law of citizens’ Personal Data Protection.
However, the NHS disagrees with the decision taken by the data protection service. It intends to appeal to the court, if not against the imposition of such a large fine itself, then at the very least against its size. The ICO, however, believes that repeated violations of the law and the organization's inability to monitor the actions of its employees should be punished by large fines.
Nikolai Fedotov, senior analyst at InfoWatch: «In the British National Health Service there is an insurance number (NHS number), which combined with the name of a citizen may be used for fraudulent operations.
Therefore, this concerns data which can be converted into money. Unlike, for example, the recent incident with the air ticket database, this personal data is of interest not to the tabloid press but to genuine fraudsters. They won't be fishing for the details of celebrities' personal lives, but stealing money.
It is precisely because of this that fining civil servants is a useful measure, which may save people money.
In Russia, there is as yet no personal data which could be directly converted into money. In this regard, the fines imposed by Roskomnadzor (the Russian Federal Surveillance Service for Mass Media and Communications) are unlikely to have such a direct impact for the subjects' personal data».