ICO slaps £60k fine on Plymouth Council over printing gaffe
Child protection information sent to the wrong person
The Information Commissioner’s Office (ICO) has fined Plymouth City Council £60,000 for a serious breach of the Data Protection Act.
The penalty follows after it was found that an employee of the council printed out and information about a family in the area to another resident by mistake. The pages contained details of allegations of child neglect resulting in ongoing care proceedings.
The council worker collected three pages of sensitive information from a printer alongside another document by accident. Those pages contained information about two adults and their four children, these were then sent to the wrong person by a social worker.
“It would be too easy to consider this a simple human error. The reality is that this incident happened because not enough care was being taken within the organisation when handling vulnerable people’s sensitive information,” said Stephen Eckersley, head of enforcement at the Information Commissioner’s Office (ICO).
“The distress this incident will have caused the people involved is obvious, and the penalty we have issued today reflects that.”
A spokeswoman for Plymouth City Council said that the council has now made changes to its printing processes following the incident
"In line with guidance, the incident was reported to the Information Commissioner's Office. The three pages were quickly recovered and destroyed, both clients were spoken with about the incident and our sincerest apologies were offered.
"Practical steps to prevent a similar situation happening again were taken including secure pin printing so that reports are only printed when staff activate the printer with their code, which reduces the risk of papers being mixed up.
Last week, the ICO issued a code of practice on anonymising personal data.