Surrey County Council fined £120,000 for misdirected e-mails

News

Surrey County Council fined £120,000 for misdirected e-mails

Kathleen Hall

Surrey County Council has been hit with a £120,000 fine for breaching the Data Protection Act.

The Information Commissioner's Office (ICO) fined the council after it sent sensitive information to incorrect e-mail addresses on three separate occasions.

In one of these instances the health and welfare information of 241 people was sent to the wrong recipients in an unencrypted e-mail. The second misdirected e-mail involved the personal data of a number of individuals being mistakenly e-mailed to more than 100 recipients. The third involved the council's Children Services department mistakenly sending out confidential information on an individual.

Surrey is now the fourth council to be fined for breaching the Data Protection Act since the ICO's powers were extended last April. It is also the body to have received the largest penalty to date. Hertfordshire Country Council and Ealing and Hounslow Councils have also received fines.

UK Information Commissioner Christopher Graham said: "Surrey County Council has paid the price for its failings and this case should act as a warning to others that lax data protection practices will not be tolerated."

Surrey County Council's fine follows recent criticism of the ICO that it has not sufficiently exercised its powers to issue monetary penalties, having punished just 1% of breaches in this way.

Surrey says it has now taken action to improve its policies on information security.

 


 

Photo: Thinkstock Images


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy