ICO hits Stoke-on-Trent City Council with £120,000 fine

News

ICO hits Stoke-on-Trent City Council with £120,000 fine

Jennifer Scott

Stoke-on-Trent City Council has been fined £120,000 by the Information Commissioner’s Office (ICO) for breaching the Data Protection Act.

A solicitor that worked within the organisation was found to have sent 11 emails containing information about a child protection law suit to the wrong person, which the ICO considered a “serious breach” of the legislation.

As well as data on the child, the emails – sent on 14 December 2011 – also contained information about the health of two adults and a further two children.

The recipient of the emails was identified but would not respond when asked to delete the offending emails.

It is the second time the council has been taken to task by the ICO, following the loss of a USB stick in 2010 which contained data on childcare cases. At that time it was made to sign an undertaking promising to make improvements to its data security policy.

In its updated guidelines, the council stated all sensitive data should be sent over a secure network or the information itself should be encrypted. In this latest incident, neither precaution was taken nor was the lawyer in question not provided with encryption software.  

“If this data had been encrypted then the information would have stayed secure,” said Stephen Eckersley, head of enforcement at the ICO. “Instead, the authority has received a significant penalty for failing to adopt what is a simple and widely used security measure.”

Stoke-on-Trent City Council now has until the 26 November to pay the fine and must introduce further staff training and technical capabilities to ensure the same mistake doesn’t happen again.

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy