ICO breaks £1m milestone as two councils fined

gallery

The Information Commissioner’s Office (ICO) is clamping down hard on data breaches, as two more councils were today served with hefty fines.

Croydon Council was handed a £100,000 penalty after a bag containing papers relating to the care of a child sex abuse victim was stolen from a pub.

Norfolk County Council was hit with an £80,000 penalty for sending data about allegations against a parent and the welfare of their child to the wrong recipient.

One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient.

The two fines mean the ICO has now handed out over £1 million in fines since being given the license to hit organisations with up to £500,000 in data breach penalties in April 2010.

“We appreciate that people working in roles where they handle sensitive information will – like all of us - sometimes have their bags stolen. However, this highly personal information needn’t have been compromised at all if Croydon Council had appropriate security measures in place,” said Stephen Eckersley, head of enforcement at the ICO.

“One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient. Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training.”

The news came just three days after the ICO slapped five separate local authorities on the wrist for breaching the Data Protection Act.

In late January, the ICO handed out its biggest fine ever as Midlothian Council was told to pay £140,000.

Only one private organisation has been hit with a fine, but private bodies are not yet required by law to disclose data breaches.

Email to a friend

Print this page