Investigation also involved recovering 39 computers that were sold by the data destruction firm, which had sensitive records on three of the hard disks.
ICO also ruled that the firm assured to crush the computer hard disks through an industrial guillotine, while NHS Surrey failed to observe the destruction process and did not have a contract ready with their new provider that explained the legal requirements of the data destruction.
NHS Surrey was decommissioned in March 2013 after some of their legal responsibilities were transferred to the NHS Commissioning Board.
This article is from the CBROnline archive: some formatting and images may not be present.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.