It follows a high-profile leak which emerged from the employment tribunal last month, where a nursing colleague shared confidential patient information in a group chat with colleagues.
The Herald asked NHS Fife to confirm whether it would investigate and report this breach – but the health board refused to do so.
Between 2015-16 and 2024-25, NHS Fife internally logged 9,426 data incidents through its Datix system, with 92 being considered so serious they were escalated and reported to the Information Commissioner’s Office (ICO).
Organisations are required to report personal data breaches to the ICO, usually within 72 hours of the error after assessing the likely risk to the individuals’ rights.
Roz McCall, Scottish Tory MSP for Mid Scotland and Fife, said the findings were “damning” and urged Scottish ministers to step in.
NHS Fife was reprimanded by the regulatory body in 2023 after an unauthorised individual gained access to a ward and gained the personal data of 14 individuals and administered care to a patient.
Read more:
A reprimand is the less serious punishment and is instead a written notification from the ICO.
Almost 70% of NHS Fife’s incidents occurred in the last five years, since 2020.
Ms McCall told The Herald: “This is a damning indictment of the culture at the heart of NHS Fife.
“It beggars belief there have been nearly 10,000 data breaches at the health board in the last decade, with dozens referred to the information commissioner.
“Patients in NHS Fife will be deeply alarmed that sensitive personal data could have been compromised at any point given the scale of the breaches.
“In light of the Sandie Peggie case, those at the top of NHS Fife appear more interested in protecting reputations rather than protecting patients.
“John Swinney and Neil Gray must urgently step in and sack those responsible for this culture. They surely cannot have faith in them any longer after this latest damning revelation.”
NHS Fife said: “NHS Fife takes its obligations around data protection extremely seriously.
“The information provided by NHS Fife relates to the number of potential data breaches that required investigation over a 10-year period. Staff in NHS Fife are asked to report every potential incident, regardless of how minor, which demonstrates our ongoing commitment to ensuring any data is held safely and securely.
“Each potential incident is thoroughly investigated. Approximately 1 in 100 potential incidents are determined to be actual data breaches and are subsequently reported to the Information Commissioners Office as per our statutory requirement.
“Where a data breach is identified, this is properly documented and reported to allow full remedial action to be taken and to address any issues. Learning from such incidents is a vital element of this work and ensures we continue to have robust systems in place to protect the data we hold.”
Earlier this month, The Herald revealed the health board would not confirm whether it was investigating data breaches by nurse Lindsay Nicoll.
Ms Nicoll, an emergency nursing practitioner at Victoria Hospital, in Kirkcaldy, gave evidence in Ms Peggie’s employment tribunal against NHS Fife and transgender medic Dr Beth Upton.
But the tribunal heard that Ms Nicoll shared details of a patients name and sensitive information in a group chat.
Naomi Cunningham, the barrister acting on behalf of Ms Peggie, put it to Ms Nicoll that she would have breached her ‘regulatory obligations’.
The nurse admitted her conduct was “unprofessional”.
Read more:
NHS Fife policy requires binds staff to a “legal duty of confidence” to protect personal patient information, while the Nursing and Midwifery Council’s code of practice requires patient privacy and confidentiality to be respected.
Meanwhile, NHS Fife has refused to reveal information relating to its controversial statement published during the Sandie Peggie employment tribunal.
The health board’s 1,700 word statement was edited multiple times between July 18 and July 21. But when asked to reveal who signed off on the release, and any internal correspondence relating to it, through freedom of information requests, NHS Fife said it would not due to a risk of “prejudice” and the right to “free and frank provision of advice”.
The statement was condemned by Ms Peggie’s legal team after it appeared to link supporters of the nurse to violence.
The initial statement referenced the chief executive of Sex Matters, Maya Forstater, who has already given evidence in the tribunal, and the group’s chair, barrister Naomi Cunningham, who is leading Ms Peggie’s case.
The statement said the case had attracted “significant and very polarised” debate on social media, but added that it had now “evolved into much more worrying behaviour, including a threat of physical harm and sexual violence, which has required the involvement of Police Scotland”.
It was also described as “petulant” by Scottish Information Commissioner David Hamilton.