An NHS trust is to challenge a monetary penalty notice issued by the Information Commissioner's Office (ICO) in a case that could set an important precedent.
The NHS trust is to be the first public sector organisation to challenge the UK privacy watchdog in an appeal to the Information Tribunal, set to begin on 3 December, it emerged at a Westminster eForum in London.
The name of the trust has not been disclosed, but lawyers acting on its behalf plan to argue that the ICO acted unlawfully by fining the trust after it voluntarily reported the breach.
If during a consensual assessment the ICO finds an organisation has breached the Data Protection Act, the organisation is granted immunity from monetary penalties.
The trust’s lawyers believe the letter of the law gives the same immunity to organisations that voluntarily report data breaches and cooperate with the ICO during its investigations.
If the trust wins the appeal, the decision could set an important precedent that could lead to further challenges to the ICO by other public sector organisations fined after reporting breaches.
If the Information Tribunal rules in favour of the ICO, the trust’s lawyers would then be able to appeal to the High Court.