The Information Commissioner’s Office (ICO) has fined Brighton and Sussex University Hospitals NHS Trust £325,000 following a serious breach of the Data Protection Act 1998… The fine related to the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff, including some relating to HIV and genito-urinary medicine patients, on hard drives sold on an internet auction site in October and November 2010.

This checklist highlights the key legal obligations that a business should consider when dealing with personal data about customers, suppliers, employees or any other individual who may be encountered during the course of business.