The five serious data breaches – all involving children’s social service reports being sent to the wrong recipients – occurred at Midlothian Council between January and June 2011.

  • One breach involved papers about the status of a foster carer being sent to 7 healthcare professionals who had no need to see them
  • Another involved the minutes of a child protection conference being sent in error to the former address of a mother’s partner, where they were opened and read by his ex-partner. The papers also contained personal data about the children’s mother

The first breach occurred in January 2011 but did not come to light until March.

Ken Macdonald, Assistant Commissioner for Scotland, said:

“Information about children’s care, as well as details about their health and wellbeing, is some of the most sensitive information a local authority holds. It is of vital importance that this information is protected and that robust policies are followed before it is disclosed.

“The serious upset that these breaches would have caused to the children’s families is obvious and it is extremely concerning that this happened five times in as many months. I hope this penalty acts as a reminder to all organisations across Scotland and the rest of the UK to ensure that the personal information they handle is kept secure.”

The ICO’s investigation found that all five breaches could have been avoided if the council had put adequate data protection policies, training and checks in place.

The ICO has ordered the council to take action to keep the personal information they handle secure. The council has recovered all of the information mistakenly sent to the wrong recipients and will now check all records to ensure that the details they hold are up to date.


5 responses to “Council fined £140,000 for five serious data breaches”

  1. […] Data protection Act The Data Protection Act (DPA) is a UK Act of Parliament which defines the UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Example: 6 August 2012 a monetary penalty of £175,000 was issued to Torbay Care Trust after sensitive personal information relating to 1,373 employees was published on the Trust’s website. https://brianpennington.co.uk/2012/08/06/torbay-care-trust-nhs-fined-175000-for-breaching-the-data-protection-act/ 1 June 2012 a monetary penalty notice for £325,000 has been served on Brighton and Sussex University Hospitals NHS Trust following the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff – including some relating to HIV and Genito Urinary Medicine patients – on hard drives sold on an Internet auction site in October and November 2010. https://brianpennington.co.uk/2012/06/01/latest-nhs-fine-for-breaching-the-data-protection-act-is-close-to-the-current-limit-at-325000/ 30 January 2012 a monetary penalty of £140,000 was issued to Midlothian Council for disclosing sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions. The penalty is the first that the ICO has served against an organisation in Scotland. https://brianpennington.co.uk/2012/01/30/council-fined-140000-for-five-serious-data-breaches/ […]


  2. […] 30 January 2012 a monetary penalty of £140,000 was issued to Midlothian Council for disclosing sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions. The penalty is the first that the ICO has served against an organisation in Scotland. https://brianpennington.co.uk/2012/01/30/council-fined-140000-for-five-serious-data-breaches/ […]


  3. […] 30 January 2012 a monetary penalty of £140,000 was issued to Midlothian Council for disclosing sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions. The penalty is the first that the ICO has served against an organisation in Scotland. https://brianpennington.co.uk/2012/01/30/council-fined-140000-for-five-serious-data-breaches/ […]


  4. 2012 was a big year for the Data Protection Act with record fines and breaches, see the full 2012 list here. « Brian Pennington

    […] 30 January 2012 A monetary penalty of £140,000 was issued to Midlothian Council for disclosing sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions. The penalty is the first that the ICO has served against an organisation in Scotland. Read the details here. […]


  5. Who has breached the Data Protection Act in 2012? Find the complete list here. « Brian Pennington

    […] 30 January 2012 A monetary penalty of £140,000 was issued to Midlothian Council for disclosing sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions. The penalty is the first that the ICO has served against an organisation in Scotland. Read the details here. […]
