23 March 2018
The penalty is the latest in a number of significant fines for public authorities and charitable organisations for serious data breaches.
The DVDs lost by the Nursing and Midwifery Council related to a nurse’s misconduct hearing and contained personal information, including evidence from two vulnerable children.
The ICO’s investigation found the information was not encrypted and so a substantial fine of £150,000 was levied. This follows on from the £325,000 fine for Brighton and Sussex Hospitals NHS Trust after personal data was found on hard drives being sold on an internet auction site. The ICO has the power to fine organisations up to £500,000 for serious breaches of the Act and has issued specific guidance for charities on its website.