In March 2014, spreadsheets containing the confidential and sensitive personal data of over 6,000 employees were inadvertently published on the website. This included the employees' names, pay scales, dates of birth, ethnicity, religious beliefs and sexual orientation. The spreadsheets were publicly available for 11 months and associated data downloaded by persons unknown on several occasions.
The Information Commissioner's Office investigated the incident and fined the Trust £185,000 for failing to take appropriate organisational measures against the unauthorised processing of personal data, and for having no procedures or adequate training in place to prevent the disclosure of information in this way. The fine was increased because it failed to notify staff of the error for a few months.
Stephen Eckersley, the ICO's Head of Enforcement, said the Trust had 'played fast and loose with the highly sensitive and private information that was entrusted to them.'