A hospital is facing a fine of £375,000 after computer hard drives containing confidential information were stolen.
The hard drives, containing information on tens of thousands of patients, were taken from Brighton General Hospital in September 2010.
The Information Commissioner’s Office (ICO) has sent a notice to the Brighton and Sussex University Hospitals NHS Trust proposing the fine.
The trust said it would be challenging the proposed penalty.
An ICO spokesman said: “The ICO is currently making inquiries into a possible breach of the Data Protection Act and is unable to speculate on what action will be taken at this time.”
Sussex Police were called when the hard drives ended up on eBay after being stolen while they were being decommissioned.
Duncan Selbie, chief executive of the trust, said: “As soon as we were alerted to this, we informed the police and with their help we recovered all the hard drives.
“We are confident that there is a very low risk of any of the data from them having passed into the public domain.”
He said the trust was challenging the fine and that they were the victims of a crime.
The trust had subcontracted the destruction of the discs.
A 36-year-old man from Seaford was previously arrested on suspicion of theft and was bailed several times before a decision not to take any further action was taken by police in July.