The Information Commissioner’s Office (ICO) has served a penalty of £130,000 on Powys County Council for breaching the Data Protection Act.
Powys County Council sent the details of a child protection case to the wrong recipient.
The £130,000 penalty is the highest that the ICO has served since it was given the power in April 2010 and follows a similar incident, which was reported by the council to the ICO in June last year.
The latest breach at Powys county Council occurred in February when two separate reports about child protection cases were sent to the same shared printer. It is thought that two pages from one report were then mistakenly collected with the papers from another case and were sent out without being checked. The recipient mistakenly received the two pages of the report and knew the identities of the parent and child whose personal details were included in the papers.
The recipient made a complaint to the council and a further complaint was also submitted by the recipient’s mother via her MP.
Assistant Commissioner for Wales, Anne Jones said:
“This is the third UK council in as many weeks to receive a monetary penalty for disclosing sensitive information about vulnerable people. It’s the most serious case yet and it has attracted a record fine. The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations.
“The ICO has also issued a legal notice ordering the council to take action to improve its data handling. Failure to do so will result in legal action being taken through the courts.
“There is clearly an underlying problem with data protection in social services departments and we will be meeting with stakeholders from across the UK’s local government sector to discuss how we can support them in addressing these problems.”
The Information Commissioners Office is pressing the Ministry of Justice for stronger powers to audit local councils’ and the NHS on their Data Protection Compliance.
Related Posts on the actions of the Information Commissioner:
- Estate Agent prosecuted for not disclosing he stored personal data
- Information Commissioner fines two councils for emailing personal information
- QC has unencrypted laptop stolen and is sanctioned by the ICO
- Council breaches the Data Protection Act by losing a memory stick
- Who fell foul of the Information Commissioner in October?
- Who has the Information Commissioner caught in the last 3 months