Latest News

The ICO fines three councils

The ICO fines three councils a total of £270,000 for serious breaches of the Data Protection Act

The Information Commissioners Office has handed out a record fine of £130,000 to Powys County Council following two serious breaches of the Data Protection Act which involved the details of a child protection case and a vulnerable child’s details from social workers.

The information was sent to a shared printer and two pages were mistakenly collected with details of another report and were then sent out to the wrong recipient without being checked. The recipient knew the identities of the parents and child whose details had been mistakenly sent to him and they filed a complaint. The parents of the child in question also lodged a complaint through their MP.

This record fine follows two other large fines for councils who had breached the Data Protection Act. Worcestershire County Council was fined £80,000 when a member of staff emailed sensitive personal information relating to vulnerable people to 23 unintended recipients. North Somerset Council was fined £60,000 when a council employee sent five emails (two of which contained highly sensitive personal information relating to a child’s case review) to the wrong NHS employee.

These fines show that the ICO is willing to wield its power to impose monetary fines up to the value of £500,000 in cases where the Data Protection Act has been seriously breached. However, it is not just public bodies such as councils who need to be aware of this, as private companies and organisations can also have these fines imposed on them if their actions warrant such a punishment. It is extremely important that you store any personal data safely and securely on your IT network and that there is a data protection process in place when this information needs to be sent outside the organisation.